Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1532898
MD5:4f245878a56ed4c45fb3fda19421eda8
SHA1:dd0f68f30a7046749d06f10b2596aea02e33cd2b
SHA256:8422d35cff599297ee418fba71f575fb965f1fa508eea453b70b20495c3e685f
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 2336 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 4F245878A56ED4C45FB3FDA19421EDA8)
    • WerFault.exe (PID: 7024 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 1900 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 4476 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 1916 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 7528 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 1952 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["eaglepawnoy.store", "clearancek.site", "dissapoiznw.store", "licendfilteo.site", "bathdoomgaz.store", "studennotediw.store", "spirittunek.store", "mobbipenju.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T06:02:11.646383+020020546531A Network Trojan was detected192.168.2.449731172.67.206.204443TCP
    2024-10-14T06:02:14.004167+020020546531A Network Trojan was detected192.168.2.449732172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T06:02:11.646383+020020498361A Network Trojan was detected192.168.2.449731172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T06:02:14.004167+020020498121A Network Trojan was detected192.168.2.449732172.67.206.204443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T06:02:09.469485+020020564771Domain Observed Used for C2 Detected192.168.2.4525571.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T06:02:09.411260+020020564711Domain Observed Used for C2 Detected192.168.2.4553421.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T06:02:09.446730+020020564811Domain Observed Used for C2 Detected192.168.2.4495261.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T06:02:09.435813+020020564831Domain Observed Used for C2 Detected192.168.2.4639991.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T06:02:09.492154+020020564731Domain Observed Used for C2 Detected192.168.2.4560831.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T06:02:09.423858+020020564851Domain Observed Used for C2 Detected192.168.2.4599961.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T06:02:09.480204+020020564751Domain Observed Used for C2 Detected192.168.2.4621111.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T06:02:09.458174+020020564791Domain Observed Used for C2 Detected192.168.2.4590981.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-14T06:02:10.854376+020028586661Domain Observed Used for C2 Detected192.168.2.449730104.102.49.254443TCP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: file.exeAvira: detected
    Antivirus detection for URL or domain
    Source: https://steamcommunity.com/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/inventory/URL Reputation: Label: malware
    Found malware configuration
    Source: file.exe.2336.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["eaglepawnoy.store", "clearancek.site", "dissapoiznw.store", "licendfilteo.site", "bathdoomgaz.store", "studennotediw.store", "spirittunek.store", "mobbipenju.store"], "Build id": "4SD0y4--legendaryy"}
    Multi AV Scanner detection for domain / URL
    Source: sergei-esenin.comVirustotal: Detection: 17%Perma Link
    Source: eaglepawnoy.storeVirustotal: Detection: 18%Perma Link
    Source: licendfilteo.siteVirustotal: Detection: 15%Perma Link
    Source: studennotediw.storeVirustotal: Detection: 17%Perma Link
    Source: spirittunek.storeVirustotal: Detection: 21%Perma Link
    Source: bathdoomgaz.storeVirustotal: Detection: 21%Perma Link
    Source: dissapoiznw.storeVirustotal: Detection: 21%Perma Link
    Source: mobbipenju.storeVirustotal: Detection: 21%Perma Link
    Source: clearancek.siteVirustotal: Detection: 17%Perma Link
    Source: studennotediw.storeVirustotal: Detection: 17%Perma Link
    Source: https://sergei-esenin.com:443/apifiles/76561199724331900Virustotal: Detection: 9%Perma Link
    Source: eaglepawnoy.storeVirustotal: Detection: 18%Perma Link
    Source: dissapoiznw.storeVirustotal: Detection: 21%Perma Link
    Source: https://eaglepawnoy.store:443/apiVirustotal: Detection: 21%Perma Link
    Source: https://sergei-esenin.com:443/apiVirustotal: Detection: 18%Perma Link
    Source: bathdoomgaz.storeVirustotal: Detection: 21%Perma Link
    Source: https://clearancek.site:443/apiVirustotal: Detection: 19%Perma Link
    Source: clearancek.siteVirustotal: Detection: 17%Perma Link
    Source: spirittunek.storeVirustotal: Detection: 21%Perma Link
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Machine Learning detection for sample
    Source: file.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmpString decryptor: licendfilteo.site
    Source: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmpString decryptor: spirittunek.store
    Source: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmpString decryptor: bathdoomgaz.store
    Source: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmpString decryptor: studennotediw.store
    Source: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmpString decryptor: dissapoiznw.store
    Source: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmpString decryptor: eaglepawnoy.store
    Source: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmpString decryptor: mobbipenju.store
    Source: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.4:49731 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.4:49732 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_009C99D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0098D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0098D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]0_2_0098FCA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_00990EEC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00996F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_009849A0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h0_2_009C3920
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h0_2_0099D961
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00991ACD
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_009942FC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00991A3C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_00985A50
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_009C4A40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00991BEE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00993BE2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, eax0_2_0098A300
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_009C9B60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h0_2_009ACCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_009ACCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h0_2_009ACCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_009C9CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh0_2_009C9CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 00000000h0_2_0099B410
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0099D457
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_009AC470
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh0_2_009AFD10
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_009A9510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00996536
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00991E93
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ebx], 00000000h0_2_00996EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [ebp+00h]0_2_0098BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]0_2_00986EA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00996F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_009C5700

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.4:62111 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.4:49526 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.4:55342 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.4:59996 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.4:59098 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.4:56083 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.4:52557 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.4:63999 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49732 -> 172.67.206.204:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49732 -> 172.67.206.204:443
    Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49731 -> 172.67.206.204:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 172.67.206.204:443
    Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49730 -> 104.102.49.254:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: eaglepawnoy.store
    Source: Malware configuration extractorURLs: clearancek.site
    Source: Malware configuration extractorURLs: dissapoiznw.store
    Source: Malware configuration extractorURLs: licendfilteo.site
    Source: Malware configuration extractorURLs: bathdoomgaz.store
    Source: Malware configuration extractorURLs: studennotediw.store
    Source: Malware configuration extractorURLs: spirittunek.store
    Source: Malware configuration extractorURLs: mobbipenju.store
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewIP Address: 172.67.206.204 172.67.206.204
    Source: Joe Sandbox ViewASN Name: AKAMAI-ASUS AKAMAI-ASUS
    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedCookie: __cf_mw_byp=PBl8_uAZ71ma5TmIb7rtXR6M7MUfeWV0I.l03.tWsC8-1728878531-0.0.1.1-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 52Host: sergei-esenin.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=d9b4d974260e197745e81065; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type34837Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveMon, 14 Oct 2024 04:02:10 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control>) equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: clearancek.site
    Source: global trafficDNS traffic detected: DNS query: mobbipenju.store
    Source: global trafficDNS traffic detected: DNS query: eaglepawnoy.store
    Source: global trafficDNS traffic detected: DNS query: dissapoiznw.store
    Source: global trafficDNS traffic detected: DNS query: studennotediw.store
    Source: global trafficDNS traffic detected: DNS query: bathdoomgaz.store
    Source: global trafficDNS traffic detected: DNS query: spirittunek.store
    Source: global trafficDNS traffic detected: DNS query: licendfilteo.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: global trafficDNS traffic detected: DNS query: sergei-esenin.com
    Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: Amcache.hve.5.drString found in binary or memory: http://upx.sf.net
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic
    Source: file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: file.exe, 00000000.00000002.2059024144.000000000152F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clearancek.site:443/api
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQA
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=e
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
    Source: file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: file.exe, 00000000.00000002.2059024144.000000000152F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eaglepawnoy.store:443/api
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: file.exe, 00000000.00000002.2059024144.000000000152F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://licendfilteo.site:443/apiq
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: file.exe, 00000000.00000002.2059024144.0000000001547000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api
    Source: file.exe, 00000000.00000002.2059024144.000000000152F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com:443/api
    Source: file.exe, 00000000.00000002.2059024144.000000000152F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com:443/apifiles/76561199724331900
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: file.exe, 00000000.00000002.2059024144.000000000152F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://spirittunek.store:443/api
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2059024144.0000000001569000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
    Source: file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000002.2059024144.000000000152F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://studennotediw.store:443/api
    Source: file.exe, 00000000.00000002.2059024144.0000000001547000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1801841319.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1801780211.00000000015DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/5xx-error-landing
    Source: file.exe, 00000000.00000003.1801841319.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1801780211.00000000015DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
    Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.4:49731 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.4:49732 version: TLS 1.2

    System Summary

    barindex
    PE file contains section with special chars
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009902280_2_00990228
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009BE8A00_2_009BE8A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009CA0D00_2_009CA0D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009920300_2_00992030
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0098E1A00_2_0098E1A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009851600_2_00985160
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009C4A400_2_009C4A40
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0098A3000_2_0098A300
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0099049B0_2_0099049B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009944870_2_00994487
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00987CA40_2_00987CA4
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009ACCD00_2_009ACCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009AC4700_2_009AC470
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009835B00_2_009835B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0099C5F00_2_0099C5F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009AFD100_2_009AFD10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00996EBF0_2_00996EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0098BEB00_2_0098BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0098AF100_2_0098AF10
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0099D300 appears 47 times
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 1900
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exeStatic PE information: Section: ZLIB complexity 0.9995874587458746
    Source: file.exeStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
    Source: classification engineClassification label: mal100.troj.evad.winEXE@4/9@10/2
    Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2336
    Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\4fd15ef2-8662-4efa-952c-727ac2b4c78bJump to behavior
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: file.exeString found in binary or memory: sRtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNePQ
    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
    Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 1900
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 1916
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 1952
    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: file.exeStatic file information: File size 3019264 > 1048576
    Source: file.exeStatic PE information: Raw size of olqshizd is bigger than: 0x100000 < 0x2b7a00

    Data Obfuscation

    barindex
    Detected unpacking (changes PE section rights)
    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.980000.0.unpack :EW;.rsrc :W;.idata :W;olqshizd:EW;fkdtcrjk:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;olqshizd:EW;fkdtcrjk:EW;.taggant:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
    Source: file.exeStatic PE information: real checksum: 0x2ece5a should be: 0x2eb0bc
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name: olqshizd
    Source: file.exeStatic PE information: section name: fkdtcrjk
    Source: file.exeStatic PE information: section name: .taggant
    Source: file.exeStatic PE information: section name: entropy: 7.982457602769494

    Boot Survival

    barindex
    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonclassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonclassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

    Malware Analysis System Evasion

    barindex
    Tries to detect sandboxes / dynamic malware analysis system (registry check)
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B6A197 second address: B6A1A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE589802EFCh 0x00000009 pop ecx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B6A1A8 second address: B6A1AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B6A1AE second address: B6A1B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B6A1B4 second address: B6A1B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B6A1B8 second address: B6A1BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B6A440 second address: B6A446 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B6A446 second address: B6A44C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B6A6CF second address: B6A6D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B6A99C second address: B6A9A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B6A9A0 second address: B6A9E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE589276561h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jns 00007FE58927655Ch 0x00000011 popad 0x00000012 push ecx 0x00000013 push edi 0x00000014 jg 00007FE589276556h 0x0000001a pop edi 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FE589276564h 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B6A9E5 second address: B6A9E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B6D6D1 second address: B6D6D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B6D6D5 second address: B6D6E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 js 00007FE589802EF6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B6D83F second address: B6D843 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B6D945 second address: B6D961 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE589802F07h 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B6D961 second address: B6D97F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE58927655Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jg 00007FE589276556h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B6D97F second address: B6D985 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B6DA62 second address: B6DA9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 jmp 00007FE589276560h 0x0000000d mov edx, edi 0x0000000f push 00000000h 0x00000011 jno 00007FE589276561h 0x00000017 push D88956BDh 0x0000001c push eax 0x0000001d push edx 0x0000001e ja 00007FE589276558h 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B8D3BA second address: B8D3BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B4BE51 second address: B4BE6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 popad 0x00000008 pushad 0x00000009 push edi 0x0000000a jmp 00007FE58927655Fh 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B4BE6F second address: B4BE79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FE589802EF6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B4BE79 second address: B4BE7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B8B7CC second address: B8B7D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B8458E second address: B845A2 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FE589276556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FE58927655Ah 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B845A2 second address: B845A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B8CC1B second address: B8CC35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 jmp 00007FE589276561h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B90FB6 second address: B90FBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B4D93B second address: B4D93F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B4D93F second address: B4D943 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B4D943 second address: B4D950 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9348D second address: B934A1 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FE589802EF8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B934A1 second address: B934A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B91E44 second address: B91E4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B91E4A second address: B91E4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B938CA second address: B938CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9844C second address: B98490 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FE589276566h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e js 00007FE589276556h 0x00000014 jmp 00007FE58927655Bh 0x00000019 jmp 00007FE589276560h 0x0000001e popad 0x0000001f push edi 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B98490 second address: B98496 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B98496 second address: B9849B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9849B second address: B984A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B984A0 second address: B984A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B65377 second address: B6537C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B6537C second address: B65386 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FE589276562h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9799A second address: B979A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B97AE2 second address: B97B17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jno 00007FE589276568h 0x0000000b pushad 0x0000000c jmp 00007FE589276563h 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B98008 second address: B9803A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jbe 00007FE589802EF6h 0x0000000c popad 0x0000000d push edi 0x0000000e push edx 0x0000000f pop edx 0x00000010 pop edi 0x00000011 pushad 0x00000012 jmp 00007FE589802EFDh 0x00000017 jbe 00007FE589802EF6h 0x0000001d push edi 0x0000001e pop edi 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 jl 00007FE589802EF6h 0x00000028 push eax 0x00000029 pop eax 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9A124 second address: B9A129 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9A1AC second address: B9A1C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE589802F04h 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9A5E2 second address: B9A5E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9A5E7 second address: B9A5ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9AD25 second address: B9AD2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9AD2A second address: B9AD3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE589802EFDh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9B03A second address: B9B049 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9B049 second address: B9B065 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FE589802F04h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9B1ED second address: B9B1F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9C2A0 second address: B9C304 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FE589802EF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007FE589802EF8h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 00000018h 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 stc 0x00000029 jg 00007FE589802EF6h 0x0000002f push 00000000h 0x00000031 movzx edi, dx 0x00000034 xchg eax, ebx 0x00000035 jp 00007FE589802F00h 0x0000003b push eax 0x0000003c pushad 0x0000003d push eax 0x0000003e jmp 00007FE589802F01h 0x00000043 pop eax 0x00000044 push eax 0x00000045 push edx 0x00000046 pushad 0x00000047 popad 0x00000048 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9D435 second address: B9D45C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE589276567h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jo 00007FE589276568h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9D45C second address: B9D460 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9DE54 second address: B9DE5A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9DE5A second address: B9DE7C instructions: 0x00000000 rdtsc 0x00000002 jc 00007FE589802EF8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e ja 00007FE589802EFCh 0x00000014 jns 00007FE589802EFCh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9DE7C second address: B9DEFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 js 00007FE58927655Ch 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007FE589276558h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 00000019h 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 add di, A119h 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push edi 0x00000032 call 00007FE589276558h 0x00000037 pop edi 0x00000038 mov dword ptr [esp+04h], edi 0x0000003c add dword ptr [esp+04h], 0000001Ch 0x00000044 inc edi 0x00000045 push edi 0x00000046 ret 0x00000047 pop edi 0x00000048 ret 0x00000049 push eax 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d jmp 00007FE589276563h 0x00000052 jp 00007FE589276556h 0x00000058 popad 0x00000059 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9DEFA second address: B9DF00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9DF00 second address: B9DF04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9E73E second address: B9E742 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9FFE6 second address: BA0000 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE589276566h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA0000 second address: BA0014 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jc 00007FE589802F04h 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9FD7F second address: B9FD84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA3D2B second address: BA3D32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA3D32 second address: BA3D53 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE589276568h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA9CF9 second address: BA9D45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edi 0x00000006 mov dword ptr [esp], eax 0x00000009 or dword ptr [ebp+1246A045h], esi 0x0000000f push 00000000h 0x00000011 add dword ptr [ebp+122D23ACh], edx 0x00000017 push 00000000h 0x00000019 mov ebx, dword ptr [ebp+122D293Dh] 0x0000001f xchg eax, esi 0x00000020 pushad 0x00000021 pushad 0x00000022 jmp 00007FE589802F06h 0x00000027 jmp 00007FE589802EFFh 0x0000002c popad 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 popad 0x00000031 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BABCC7 second address: BABCCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA5F47 second address: BA5F4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA8FDE second address: BA8FE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA7FFA second address: BA7FFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA6015 second address: BA601F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FE589276556h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BACB7A second address: BACB7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA601F second address: BA603F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE589276560h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jnl 00007FE589276556h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA603F second address: BA6043 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BADB51 second address: BADB57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BADB57 second address: BADB90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FE589802EFBh 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007FE589802EFFh 0x00000011 nop 0x00000012 mov edi, 5522497Dh 0x00000017 push 00000000h 0x00000019 or edi, 5804FD3Ah 0x0000001f push 00000000h 0x00000021 mov bh, 02h 0x00000023 xchg eax, esi 0x00000024 pushad 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BABE61 second address: BABE67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BADB90 second address: BADB94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BABE67 second address: BABE81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FE589276561h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BABE81 second address: BABE88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BAEB23 second address: BAEB3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FE58927655Ch 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BAEB3A second address: BAEB56 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE589802F08h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BAEC87 second address: BAECFF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 jne 00007FE58927655Fh 0x0000000e push dword ptr fs:[00000000h] 0x00000015 mov dword ptr [ebp+122D1F11h], edx 0x0000001b mov dword ptr fs:[00000000h], esp 0x00000022 jmp 00007FE58927655Ah 0x00000027 mov eax, dword ptr [ebp+122D0845h] 0x0000002d jnp 00007FE58927655Ch 0x00000033 push FFFFFFFFh 0x00000035 push 00000000h 0x00000037 push ebx 0x00000038 call 00007FE589276558h 0x0000003d pop ebx 0x0000003e mov dword ptr [esp+04h], ebx 0x00000042 add dword ptr [esp+04h], 0000001Ah 0x0000004a inc ebx 0x0000004b push ebx 0x0000004c ret 0x0000004d pop ebx 0x0000004e ret 0x0000004f or dword ptr [ebp+122D34CAh], ebx 0x00000055 push eax 0x00000056 push ecx 0x00000057 pushad 0x00000058 pushad 0x00000059 popad 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB1C12 second address: BB1C18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB220A second address: BB229B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov dword ptr [esp], eax 0x00000008 sub ebx, 23AB0498h 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push ebp 0x00000013 call 00007FE589276558h 0x00000018 pop ebp 0x00000019 mov dword ptr [esp+04h], ebp 0x0000001d add dword ptr [esp+04h], 0000001Bh 0x00000025 inc ebp 0x00000026 push ebp 0x00000027 ret 0x00000028 pop ebp 0x00000029 ret 0x0000002a sbb bx, E55Ah 0x0000002f add ebx, 1CA1DE71h 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push esi 0x0000003a call 00007FE589276558h 0x0000003f pop esi 0x00000040 mov dword ptr [esp+04h], esi 0x00000044 add dword ptr [esp+04h], 0000001Ah 0x0000004c inc esi 0x0000004d push esi 0x0000004e ret 0x0000004f pop esi 0x00000050 ret 0x00000051 jmp 00007FE589276568h 0x00000056 jmp 00007FE58927655Ch 0x0000005b xchg eax, esi 0x0000005c pushad 0x0000005d pushad 0x0000005e pushad 0x0000005f popad 0x00000060 pushad 0x00000061 popad 0x00000062 popad 0x00000063 pushad 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB42E3 second address: BB42E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB23B2 second address: BB23BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FE589276556h 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB42E9 second address: BB42ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB42ED second address: BB42F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB42F3 second address: BB42F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB491F second address: BB4931 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FE589276556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007FE589276556h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB4931 second address: BB49CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a movsx edi, dx 0x0000000d push 00000000h 0x0000000f js 00007FE589802EFCh 0x00000015 add dword ptr [ebp+122D21F1h], eax 0x0000001b jmp 00007FE589802F00h 0x00000020 push 00000000h 0x00000022 push 00000000h 0x00000024 push eax 0x00000025 call 00007FE589802EF8h 0x0000002a pop eax 0x0000002b mov dword ptr [esp+04h], eax 0x0000002f add dword ptr [esp+04h], 0000001Dh 0x00000037 inc eax 0x00000038 push eax 0x00000039 ret 0x0000003a pop eax 0x0000003b ret 0x0000003c pushad 0x0000003d js 00007FE589802F0Bh 0x00000043 jmp 00007FE589802F05h 0x00000048 mov dword ptr [ebp+1248046Ch], ebx 0x0000004e popad 0x0000004f xchg eax, esi 0x00000050 jmp 00007FE589802F03h 0x00000055 push eax 0x00000056 push esi 0x00000057 push eax 0x00000058 push edx 0x00000059 jmp 00007FE589802EFDh 0x0000005e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB59EF second address: BB5A08 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE58927655Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB4AAD second address: BB4AB2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB5A08 second address: BB5A0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB5BDC second address: BB5BEC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE589802EFCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB5CAD second address: BB5CB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FE589276556h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBAC57 second address: BBAC5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBAC5B second address: BBAC5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBF147 second address: BBF14F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBF14F second address: BBF153 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBF153 second address: BBF15D instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FE589802EF6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBE7D5 second address: BBE83F instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FE589276556h 0x00000008 jmp 00007FE589276568h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jmp 00007FE589276569h 0x00000015 push edx 0x00000016 pop edx 0x00000017 jmp 00007FE589276567h 0x0000001c jmp 00007FE58927655Dh 0x00000021 popad 0x00000022 pushad 0x00000023 pushad 0x00000024 popad 0x00000025 pushad 0x00000026 popad 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBEAED second address: BBEAF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBEAF3 second address: BBEAF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBEAF7 second address: BBEB07 instructions: 0x00000000 rdtsc 0x00000002 je 00007FE589802EF6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBEB07 second address: BBEB0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBEB0D second address: BBEB11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBECA6 second address: BBECD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007FE589276562h 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FE58927655Fh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBECD1 second address: BBECE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FE589802EFFh 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC2395 second address: BC239B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC908C second address: BC90AE instructions: 0x00000000 rdtsc 0x00000002 jno 00007FE589802EF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FE589802EFAh 0x0000000f push ecx 0x00000010 jmp 00007FE589802EFBh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B529DC second address: B52A0A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE58927655Fh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FE589276565h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B52A0A second address: B52A0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B52A0E second address: B52A1D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 je 00007FE589276556h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC7E3B second address: BC7E5C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FE589802F08h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC842A second address: BC842E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC842E second address: BC8432 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC8706 second address: BC871D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FE589276563h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC871D second address: BC8754 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 js 00007FE589802EF6h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 jmp 00007FE589802EFCh 0x00000018 pop ebx 0x00000019 jmp 00007FE589802F07h 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC8754 second address: BC8759 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC88AF second address: BC88C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FE589802EF6h 0x0000000a push esi 0x0000000b pop esi 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC88C1 second address: BC88E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FE589276556h 0x0000000a jmp 00007FE589276565h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC88E2 second address: BC88E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC8E20 second address: BC8E26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC8F3D second address: BC8F53 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push edi 0x00000006 pop edi 0x00000007 popad 0x00000008 pushad 0x00000009 jmp 00007FE589802EFBh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BCA679 second address: BCA67D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BCBD4F second address: BCBD77 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FE589802EF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FE589802EFBh 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FE589802F00h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BCBD77 second address: BCBD9B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FE589276564h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007FE589276556h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BCE928 second address: BCE92E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BCE92E second address: BCE94A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE589276568h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD4131 second address: BD413A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD413A second address: BD4151 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 jnp 00007FE589276572h 0x0000000f push eax 0x00000010 push edx 0x00000011 jnl 00007FE589276556h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD4151 second address: BD415B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD415B second address: BD415F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD2F92 second address: BD2FB8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE589802EFEh 0x00000007 jmp 00007FE589802F00h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD33F6 second address: BD33FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD33FB second address: BD3404 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD3404 second address: BD3428 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE58927655Fh 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e js 00007FE58927655Ch 0x00000014 jnl 00007FE589276556h 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD3428 second address: BD343D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE589802EFEh 0x00000007 pushad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD35D1 second address: BD35DB instructions: 0x00000000 rdtsc 0x00000002 jng 00007FE589276556h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD3A07 second address: BD3A0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD3B88 second address: BD3B8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD3E46 second address: BD3E5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007FE589802F00h 0x0000000b jmp 00007FE589802EFAh 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD3E5B second address: BD3E74 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FE589276563h 0x00000008 jmp 00007FE58927655Dh 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD3E74 second address: BD3E7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FE589802EF6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD3E7E second address: BD3E82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA1CE6 second address: BA1CEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA1CEA second address: BA1CEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA1CEE second address: B8458E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c popad 0x0000000d mov dword ptr [esp], eax 0x00000010 jns 00007FE589802EFCh 0x00000016 call dword ptr [ebp+122D1ED9h] 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 push edi 0x00000021 pop edi 0x00000022 jmp 00007FE589802F02h 0x00000027 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA1E92 second address: BA1EAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE589276561h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA1EAC second address: BA1EB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA21DE second address: BA21E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA2289 second address: BA228D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA228D second address: BA2297 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FE589276556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA230C second address: BA2313 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA2436 second address: BA243C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA2721 second address: BA2734 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jnc 00007FE589802EF6h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA2734 second address: BA273A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA2BC1 second address: BA2BC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA2BC7 second address: BA2BCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA2BCB second address: BA2BCF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA2BCF second address: BA2C00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov dword ptr [ebp+122D2947h], edi 0x00000011 push 0000001Eh 0x00000013 call 00007FE58927655Dh 0x00000018 mov ecx, dword ptr [ebp+122D1EACh] 0x0000001e pop edx 0x0000001f push eax 0x00000020 pushad 0x00000021 jg 00007FE58927655Ch 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA2C00 second address: BA2C07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA2D1C second address: BA2D30 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE589276560h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA2D30 second address: BA2D50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FE589802F03h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA2D50 second address: BA2D59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA2FEF second address: BA2FFD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA2FFD second address: BA3007 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FE589276556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA3007 second address: BA300D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA300D second address: BA3011 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B5948B second address: B59493 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B59493 second address: B594AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FE589276560h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B594AE second address: B594B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD7968 second address: BD7996 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE589276566h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FE589276560h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD7DF1 second address: BD7E04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007FE589802EF6h 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD7E04 second address: BD7E08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD80D2 second address: BD80D8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD8265 second address: BD8278 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jng 00007FE589276556h 0x0000000d jo 00007FE589276556h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD83C5 second address: BD83C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BDE17B second address: BDE185 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FE589276556h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BDCBAF second address: BDCBB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BDCBB3 second address: BDCBBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BDCBBD second address: BDCBC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BDCD4E second address: BDCD83 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FE58927655Ah 0x00000008 jg 00007FE589276556h 0x0000000e jmp 00007FE58927655Eh 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 push eax 0x00000018 pushad 0x00000019 popad 0x0000001a jns 00007FE589276556h 0x00000020 pop eax 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 popad 0x00000025 push esi 0x00000026 pop esi 0x00000027 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BDCD83 second address: BDCD87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BDCD87 second address: BDCDA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE589276560h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BDD19A second address: BDD1B0 instructions: 0x00000000 rdtsc 0x00000002 je 00007FE589802EF6h 0x00000008 jnc 00007FE589802EF6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BDD1B0 second address: BDD1B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BDD1B6 second address: BDD1BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BDD2FC second address: BDD301 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BDD5DE second address: BDD5F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE589802EFEh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BDDB9A second address: BDDBA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BDE029 second address: BDE033 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FE589802EF6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BDE033 second address: BDE039 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE55B9 second address: BE55BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE51D5 second address: BE51DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE51DB second address: BE51E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FE589802EF6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE51E5 second address: BE51EB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE8598 second address: BE859E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE859E second address: BE85D9 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FE589276562h 0x00000008 pushad 0x00000009 jmp 00007FE58927655Dh 0x0000000e jmp 00007FE589276567h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE7E27 second address: BE7E30 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE7E30 second address: BE7E48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push edi 0x0000000d pop edi 0x0000000e push eax 0x0000000f pop eax 0x00000010 popad 0x00000011 popad 0x00000012 pushad 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE7E48 second address: BE7E51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE7E51 second address: BE7E57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE7E57 second address: BE7E7D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE589802F02h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007FE589802EFDh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE7E7D second address: BE7E83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE8288 second address: BE828C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE828C second address: BE82C7 instructions: 0x00000000 rdtsc 0x00000002 js 00007FE589276556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jg 00007FE589276566h 0x00000010 jmp 00007FE589276568h 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE82C7 second address: BE82EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FE589802EF6h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jng 00007FE589802EFCh 0x00000014 jns 00007FE589802EF6h 0x0000001a jng 00007FE589802EFEh 0x00000020 jnc 00007FE589802EF6h 0x00000026 push edi 0x00000027 pop edi 0x00000028 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE82EF second address: BE82F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE82F5 second address: BE82F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BEB3F0 second address: BEB3F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BF19D0 second address: BF19D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BF19D4 second address: BF19D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BF19D8 second address: BF19DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BF070F second address: BF0715 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA296D second address: BA297A instructions: 0x00000000 rdtsc 0x00000002 jp 00007FE589802EF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA297A second address: BA2980 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BF0D32 second address: BF0D36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BF0D36 second address: BF0D5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 pop eax 0x00000009 jno 00007FE589276556h 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FE589276561h 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BF4E41 second address: BF4E4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jbe 00007FE589802EFEh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BF4E4E second address: BF4E7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007FE589276574h 0x0000000f push esi 0x00000010 pushad 0x00000011 popad 0x00000012 pop esi 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BF523E second address: BF5246 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BF5246 second address: BF526B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pushad 0x00000008 jmp 00007FE589276563h 0x0000000d push eax 0x0000000e push edx 0x0000000f jno 00007FE589276556h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BF526B second address: BF526F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BF526F second address: BF5273 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BF5273 second address: BF527F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BF527F second address: BF5283 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BF53C7 second address: BF53CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BF53CB second address: BF53E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE58927655Fh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BF7F4A second address: BF7F50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BF80DE second address: BF80F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FE58927655Ah 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BFEEE4 second address: BFEEEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BFEEEE second address: BFEEF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BFF880 second address: BFF8CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE589802F08h 0x00000007 jmp 00007FE589802F07h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007FE589802F06h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BFF8CD second address: BFF8D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BFF8D1 second address: BFF8FD instructions: 0x00000000 rdtsc 0x00000002 ja 00007FE589802EF6h 0x00000008 jmp 00007FE589802F09h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BFF8FD second address: BFF924 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE58927655Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a jmp 00007FE589276562h 0x0000000f pushad 0x00000010 popad 0x00000011 pop edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BFF924 second address: BFF92D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BFF92D second address: BFF94F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE589276567h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BFF94F second address: BFF953 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BFFC01 second address: BFFC07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C0018F second address: C00193 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C00193 second address: C001A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C001A7 second address: C001AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C00524 second address: C00538 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FE589276556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jp 00007FE589276556h 0x00000013 popad 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C0082D second address: C00839 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C00839 second address: C0086D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE58927655Dh 0x00000009 pop edi 0x0000000a popad 0x0000000b pushad 0x0000000c push edi 0x0000000d jmp 00007FE589276564h 0x00000012 jbe 00007FE589276556h 0x00000018 pop edi 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C0086D second address: C00871 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C00B08 second address: C00B20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE589276564h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C063B5 second address: C063CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE589802EFFh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C063CA second address: C063D6 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FE58927655Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C0A239 second address: C0A25B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE589802EFBh 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FE589802EFFh 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B5AFE9 second address: B5AFEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B5AFEF second address: B5B00E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007FE589802EFCh 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jno 00007FE589802EF6h 0x00000015 push eax 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B5B00E second address: B5B013 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B5B013 second address: B5B02B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE589802F02h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B5B02B second address: B5B02F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C09696 second address: C0969F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C09909 second address: C09913 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FE589276556h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C09913 second address: C09917 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C09A79 second address: C09A9B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FE589276562h 0x0000000c jc 00007FE589276556h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C09A9B second address: C09AA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C09AA3 second address: C09AA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C11F77 second address: C11F7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C10027 second address: C10057 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE589276563h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FE589276569h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C10057 second address: C1008B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007FE589802EF6h 0x00000009 jmp 00007FE589802EFEh 0x0000000e popad 0x0000000f pushad 0x00000010 jmp 00007FE589802F07h 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C1008B second address: C100AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push ebx 0x00000009 jmp 00007FE589276567h 0x0000000e pop ebx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C107F2 second address: C10807 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE589802EFEh 0x00000007 push eax 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C1095D second address: C10976 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE58927655Eh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C10976 second address: C109D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pushad 0x00000007 jbe 00007FE589802F11h 0x0000000d jnl 00007FE589802EFCh 0x00000013 jmp 00007FE589802F09h 0x00000018 push eax 0x00000019 push edx 0x0000001a js 00007FE589802EF6h 0x00000020 jnc 00007FE589802EF6h 0x00000026 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C10B26 second address: C10B2B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C10B2B second address: C10B43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jl 00007FE589802EFAh 0x0000000b pushad 0x0000000c popad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C10B43 second address: C10B4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C10B4C second address: C10B50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C10B50 second address: C10B58 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C10B58 second address: C10B71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FE589802F01h 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C17976 second address: C1797A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C1A5E5 second address: C1A602 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FE589802F08h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C1A602 second address: C1A612 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE58927655Ah 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C1D188 second address: C1D18C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C1D18C second address: C1D1A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE589276563h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B50DFB second address: B50DFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B50DFF second address: B50E09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B50E09 second address: B50E0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C241EC second address: C241F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C241F0 second address: C241F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C241F6 second address: C241FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C2A87D second address: C2A882 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C2A882 second address: C2A888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C2C2B3 second address: C2C2BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FE589802EF6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C2E2C5 second address: C2E2CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C2E2CB second address: C2E2E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FE589802F03h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C2DE4B second address: C2DE6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ecx 0x00000006 jmp 00007FE589276569h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C2DFE6 second address: C2DFF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FE589802EFAh 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C40554 second address: C40559 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C40559 second address: C4055E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C4055E second address: C40568 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C428D3 second address: C428D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C49DC9 second address: C49DD3 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FE589276556h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C48855 second address: C4888E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 je 00007FE589802EF6h 0x0000000b push esi 0x0000000c pop esi 0x0000000d pop ecx 0x0000000e jno 00007FE589802F02h 0x00000014 push edi 0x00000015 jmp 00007FE589802F00h 0x0000001a pop edi 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e push edx 0x0000001f push edi 0x00000020 pop edi 0x00000021 pop edx 0x00000022 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C4888E second address: C488AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE589276566h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C488AA second address: C488AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C488AE second address: C488C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FE58927655Ch 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C490C6 second address: C490D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FE589802EF6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C4D599 second address: C4D5B5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 ja 00007FE589276556h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jnl 00007FE589276556h 0x00000013 jp 00007FE589276556h 0x00000019 push esi 0x0000001a pop esi 0x0000001b popad 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C4D5B5 second address: C4D5BA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C4D717 second address: C4D71D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C4D71D second address: C4D721 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C5E2FE second address: C5E302 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C5E302 second address: C5E30A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C5E30A second address: C5E315 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007FE589276556h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C5E315 second address: C5E32D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a jmp 00007FE589802EFCh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C5E184 second address: C5E1A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE589276567h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C5E1A3 second address: C5E1BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE589802F07h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C58440 second address: C5844A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FE589276556h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C6CE54 second address: C6CE7F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE589802EFEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007FE589802F01h 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C6CE7F second address: C6CE85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C6C99D second address: C6C9BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007FE589802F00h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pop ebx 0x0000000e push ebx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8704D second address: C87066 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE589276561h 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C85EE6 second address: C85F12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FE589802EF6h 0x0000000a push esi 0x0000000b pop esi 0x0000000c popad 0x0000000d pushad 0x0000000e js 00007FE589802EF6h 0x00000014 jmp 00007FE589802F03h 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b push eax 0x0000001c pop eax 0x0000001d popad 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C85F12 second address: C85F3C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 jmp 00007FE589276569h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 jng 00007FE589276556h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C86313 second address: C8631A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C86470 second address: C864A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE589276567h 0x00000007 push eax 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007FE58927655Ah 0x00000015 push esi 0x00000016 pop esi 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 push ecx 0x0000001a pushad 0x0000001b popad 0x0000001c jnp 00007FE589276556h 0x00000022 pop ecx 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C864A5 second address: C864AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C864AA second address: C864CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FE589276567h 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C867D5 second address: C867E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE589802EFDh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C88726 second address: C88730 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FE589276562h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C88730 second address: C88744 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FE589802EF6h 0x0000000a ja 00007FE589802EFEh 0x00000010 push eax 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C88744 second address: C8874F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8B36B second address: C8B3AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dword ptr [esp], eax 0x00000007 sbb dx, 701Eh 0x0000000c push 00000004h 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007FE589802EF8h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 00000019h 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 sub dword ptr [ebp+1245938Fh], ebx 0x0000002e push 137D634Dh 0x00000033 push esi 0x00000034 jc 00007FE589802EFCh 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8B623 second address: C8B628 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8B628 second address: C8B676 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jl 00007FE589802EF6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jg 00007FE589802EFAh 0x00000015 push esi 0x00000016 pushad 0x00000017 popad 0x00000018 pop esi 0x00000019 nop 0x0000001a push 00000000h 0x0000001c push edx 0x0000001d call 00007FE589802EF8h 0x00000022 pop edx 0x00000023 mov dword ptr [esp+04h], edx 0x00000027 add dword ptr [esp+04h], 00000017h 0x0000002f inc edx 0x00000030 push edx 0x00000031 ret 0x00000032 pop edx 0x00000033 ret 0x00000034 push dword ptr [ebp+122D1D35h] 0x0000003a xor dx, E46Eh 0x0000003f push 84FE8C25h 0x00000044 pushad 0x00000045 push eax 0x00000046 push edx 0x00000047 push ecx 0x00000048 pop ecx 0x00000049 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8CF77 second address: C8CF92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 ja 00007FE58927655Eh 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8CF92 second address: C8CF96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8CAF2 second address: C8CAF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8E9BA second address: C8E9C0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8E9C0 second address: C8E9CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8E9CC second address: C8E9D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5460D1D second address: 5460D21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5460D21 second address: 5460D27 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5460D27 second address: 5460D9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FE589276562h 0x00000009 or si, 23B8h 0x0000000e jmp 00007FE58927655Bh 0x00000013 popfd 0x00000014 mov dx, si 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov eax, dword ptr [eax+00000860h] 0x00000020 jmp 00007FE589276562h 0x00000025 test eax, eax 0x00000027 jmp 00007FE589276560h 0x0000002c je 00007FE5F9A0C537h 0x00000032 jmp 00007FE589276560h 0x00000037 test byte ptr [eax+04h], 00000005h 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e movzx ecx, dx 0x00000041 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5480338 second address: 548033C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Tries to evade debugger and weak emulator (self modifying code)
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: B93117 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: BBACBA instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 9E3D60 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: C24A88 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 6104Thread sleep time: -30000s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
    Source: C:\Users\user\Desktop\file.exeLast function: Thread delayed
    Source: file.exe, file.exe, 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: Amcache.hve.5.drBinary or memory string: VMware
    Source: Amcache.hve.5.drBinary or memory string: VMware Virtual USB Mouse
    Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin
    Source: Amcache.hve.5.drBinary or memory string: VMware, Inc.
    Source: Amcache.hve.5.drBinary or memory string: VMware20,1hbin@
    Source: Amcache.hve.5.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
    Source: Amcache.hve.5.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
    Source: Amcache.hve.5.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
    Source: file.exe, 00000000.00000002.2059024144.0000000001569000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: Amcache.hve.5.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
    Source: file.exe, 00000000.00000002.2059024144.000000000155C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWj
    Source: Amcache.hve.5.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
    Source: Amcache.hve.5.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
    Source: Amcache.hve.5.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
    Source: Amcache.hve.5.drBinary or memory string: vmci.sys
    Source: Amcache.hve.5.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
    Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin`
    Source: Amcache.hve.5.drBinary or memory string: \driver\vmci,\driver\pci
    Source: Amcache.hve.5.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
    Source: Amcache.hve.5.drBinary or memory string: VMware20,1
    Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Generation Counter
    Source: Amcache.hve.5.drBinary or memory string: NECVMWar VMware SATA CD00
    Source: Amcache.hve.5.drBinary or memory string: VMware Virtual disk SCSI Disk Device
    Source: Amcache.hve.5.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
    Source: Amcache.hve.5.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
    Source: file.exe, 00000000.00000002.2059024144.00000000014EE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWH
    Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
    Source: Amcache.hve.5.drBinary or memory string: VMware PCI VMCI Bus Device
    Source: Amcache.hve.5.drBinary or memory string: VMware VMCI Bus Device
    Source: Amcache.hve.5.drBinary or memory string: VMware Virtual RAM
    Source: Amcache.hve.5.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
    Source: file.exe, 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: Amcache.hve.5.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
    Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Hides threads from debuggers
    Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
    Tries to detect sandboxes and other dynamic analysis tools (window names)
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009C00D0 LdrInitializeThunk,0_2_009C00D0

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: file.exeString found in binary or memory: licendfilteo.site
    Source: file.exeString found in binary or memory: clearancek.site
    Source: file.exeString found in binary or memory: bathdoomgaz.stor
    Source: file.exeString found in binary or memory: spirittunek.stor
    Source: file.exeString found in binary or memory: dissapoiznw.stor
    Source: file.exeString found in binary or memory: studennotediw.stor
    Source: file.exeString found in binary or memory: mobbipenju.stor
    Source: file.exeString found in binary or memory: eaglepawnoy.stor
    Source: file.exe, 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Program Manager
    Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
    Source: Amcache.hve.5.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
    Source: Amcache.hve.5.drBinary or memory string: msmpeng.exe
    Source: Amcache.hve.5.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
    Source: Amcache.hve.5.drBinary or memory string: MsMpEng.exe

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
    Windows Management Instrumentation    		1
    DLL Side-Loading    		2
    Process Injection    		24
    Virtualization/Sandbox Evasion    		OS Credential Dumping641
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts2
    Command and Scripting Interpreter    		Boot or Logon Initialization Scripts1
    DLL Side-Loading    		2
    Process Injection    		LSASS Memory24
    Virtualization/Sandbox Evasion    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain Accounts1
    PowerShell    		Logon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager2
    Process Discovery    		SMB/Windows Admin SharesData from Network Shared Drive3
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
    Obfuscated Files or Information    		NTDS223
    System Information Discovery    		Distributed Component Object ModelInput Capture114
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
    Software Packing    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    file.exe100%AviraTR/Crypt.TPM.Gen
    file.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    SourceDetectionScannerLabelLink
    steamcommunity.com0%VirustotalBrowse
    sergei-esenin.com18%VirustotalBrowse
    eaglepawnoy.store19%VirustotalBrowse
    licendfilteo.site16%VirustotalBrowse
    studennotediw.store18%VirustotalBrowse
    spirittunek.store22%VirustotalBrowse
    bathdoomgaz.store22%VirustotalBrowse
    dissapoiznw.store22%VirustotalBrowse
    mobbipenju.store22%VirustotalBrowse
    clearancek.site18%VirustotalBrowse

    URLs

    SourceDetectionScannerLabelLink
    https://player.vimeo.com0%URL Reputationsafe
    https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f0%URL Reputationsafe
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af60%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL0%URL Reputationsafe
    https://steam.tv/0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900100%URL Reputationmalware
    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=english0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://lv.queniujq.cn0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/inventory/100%URL Reputationmalware
    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=en0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt00%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am0%URL Reputationsafe
    https://checkout.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://avatars.akamai.steamstatic0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englis0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC0%URL Reputationsafe
    https://store.steampowered.com/;0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r10%URL Reputationsafe
    https://recaptcha.net/recaptcha/;0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=en0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://medal.tv0%URL Reputationsafe
    https://broadcast.st.dl.eccdnx.com0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=10%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://login.steampowered.com/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=e0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=engl0%URL Reputationsafe
    https://recaptcha.net0%URL Reputationsafe
    http://upx.sf.net0%URL Reputationsafe
    https://store.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620160%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/0%URL Reputationsafe
    https://api.steampowered.com/0%URL Reputationsafe
    http://store.steampowered.com/account/cookiepreferences/0%URL Reputationsafe
    https://store.steampowered.com/mobile0%URL Reputationsafe
    https://www.cloudflare.com/learning/access-management/phishing-attack/0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp0%VirustotalBrowse
    https://www.youtube.com0%VirustotalBrowse
    https://www.google.com0%VirustotalBrowse
    studennotediw.store18%VirustotalBrowse
    https://steamcommunity.com/?subsection=broadcasts0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi0%VirustotalBrowse
    https://sergei-esenin.com:443/apifiles/765611997243319009%VirustotalBrowse
    eaglepawnoy.store19%VirustotalBrowse
    dissapoiznw.store22%VirustotalBrowse
    https://sketchfab.com0%VirustotalBrowse
    https://eaglepawnoy.store:443/api22%VirustotalBrowse
    https://www.cloudflare.com/5xx-error-landing0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a0%VirustotalBrowse
    https://sergei-esenin.com:443/api19%VirustotalBrowse
    https://www.google.com/recaptcha/0%VirustotalBrowse
    https://steamcommunity.com/market/0%VirustotalBrowse
    https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/0%VirustotalBrowse
    https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org0%VirustotalBrowse
    https://www.youtube.com/0%VirustotalBrowse
    https://steamcommunity.com/discussions/0%VirustotalBrowse
    https://steamcommunity.com/login/home/?goto=profiles%2F765611997243319000%VirustotalBrowse
    bathdoomgaz.store22%VirustotalBrowse
    https://steamcommunity.com/my/wishlist/0%VirustotalBrowse
    https://clearancek.site:443/api20%VirustotalBrowse
    clearancek.site18%VirustotalBrowse
    spirittunek.store22%VirustotalBrowse
    https://steamcommunity.com/workshop/0%VirustotalBrowse

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truetrueunknown
    sergei-esenin.com
    		172.67.206.204
    		truetrueunknown
    eaglepawnoy.store
    		unknown
    		unknowntrueunknown
    bathdoomgaz.store
    		unknown
    		unknowntrueunknown
    spirittunek.store
    		unknown
    		unknowntrueunknown
    licendfilteo.site
    		unknown
    		unknowntrueunknown
    studennotediw.store
    		unknown
    		unknowntrueunknown
    mobbipenju.store
    		unknown
    		unknowntrueunknown
    clearancek.site
    		unknown
    		unknowntrueunknown
    dissapoiznw.store
    		unknown
    		unknowntrueunknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    studennotediw.storetrueunknown
    dissapoiznw.storetrueunknown
    https://steamcommunity.com/profiles/76561199724331900true
    • URL Reputation: malware
    		unknown
    eaglepawnoy.storetrueunknown
    bathdoomgaz.storetrueunknown
    clearancek.sitetrueunknown
    spirittunek.storetrueunknown
    licendfilteo.sitetrue
      		unknown
      mobbipenju.storetrue
        		unknown
        https://sergei-esenin.com/apitrue
          		unknown

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          https://www.cloudflare.com/learning/access-management/phishing-attack/file.exe, 00000000.00000003.1801841319.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1801780211.00000000015DC000.00000004.00000020.00020000.00000000.sdmpfalseunknown
          https://player.vimeo.comfile.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://licendfilteo.site:443/apiqfile.exe, 00000000.00000002.2059024144.000000000152F000.00000004.00000020.00020000.00000000.sdmpfalse
            		unknown
            https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&ampfile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalseunknown
            https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5ffile.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://steamcommunity.com/?subsection=broadcastsfile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalseunknown
            https://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://www.gstatic.cn/recaptcha/file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://www.valvesoftware.com/legal.htmfile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://www.youtube.comfile.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalseunknown
            https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&ampfile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngfile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://www.google.comfile.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalseunknown
            https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngfile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackfile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLfile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPifile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalseunknown
            https://s.ytimg.com;file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalse
              		unknown
              https://eaglepawnoy.store:443/apifile.exe, 00000000.00000002.2059024144.000000000152F000.00000004.00000020.00020000.00000000.sdmpfalseunknown
              https://steam.tv/file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=englishfile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              http://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://store.steampowered.com/points/shop/file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://sketchfab.comfile.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalseunknown
              https://lv.queniujq.cnfile.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://steamcommunity.com/profiles/76561199724331900/inventory/file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmptrue
              • URL Reputation: malware
              		unknown
              https://www.youtube.com/file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalseunknown
              https://sergei-esenin.com:443/apifiles/76561199724331900file.exe, 00000000.00000002.2059024144.000000000152F000.00000004.00000020.00020000.00000000.sdmptrueunknown
              https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgfile.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://www.cloudflare.com/5xx-error-landingfile.exe, 00000000.00000002.2059024144.0000000001547000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1801841319.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1801780211.00000000015DC000.00000004.00000020.00020000.00000000.sdmpfalseunknown
              https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=enfile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://sergei-esenin.com:443/apifile.exe, 00000000.00000002.2059024144.000000000152F000.00000004.00000020.00020000.00000000.sdmptrueunknown
              https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&afile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalseunknown
              https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amfile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://www.google.com/recaptcha/file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalseunknown
              https://checkout.steampowered.com/file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishfile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englishfile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://avatars.akamai.steamstaticfile.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englisfile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCfile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://store.steampowered.com/;file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://store.steampowered.com/about/file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalseunknown
              https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=englishfile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://help.steampowered.com/en/file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalseunknown
              https://steamcommunity.com/market/file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalseunknown
              https://store.steampowered.com/news/file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://community.akamai.steamstatic.com/file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              http://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalseunknown
              https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://recaptcha.net/recaptcha/;file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=enfile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://steamcommunity.com/discussions/file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalseunknown
              https://store.steampowered.com/stats/file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://medal.tvfile.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://broadcast.st.dl.eccdnx.comfile.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalseunknown
              https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&amp;l=efile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
                		unknown
                https://clearancek.site:443/apifile.exe, 00000000.00000002.2059024144.000000000152F000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                https://steamcommunity.com/workshop/file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                https://login.steampowered.com/file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://store.steampowered.com/legal/file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=efile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvfile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=englfile.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://recaptcha.netfile.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://upx.sf.netAmcache.hve.5.drfalse
                • URL Reputation: safe
                		unknown
                https://store.steampowered.com/file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwfile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://studennotediw.store:443/apifile.exe, 00000000.00000002.2059024144.000000000152F000.00000004.00000020.00020000.00000000.sdmpfalse
                  		unknown
                  https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.giffile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://127.0.0.1:27060file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalse
                    		unknown
                    https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://spirittunek.store:443/apifile.exe, 00000000.00000002.2059024144.000000000152F000.00000004.00000020.00020000.00000000.sdmpfalse
                      		unknown
                      https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQAfile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
                        		unknown
                        https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=englishfile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://help.steampowered.com/file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://api.steampowered.com/file.exe, 00000000.00000003.1794883293.0000000001583000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://store.steampowered.com/account/cookiepreferences/file.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://store.steampowered.com/mobilefile.exe, 00000000.00000003.1801780211.00000000015D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1794840779.00000000015C5000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown

                        World Map of Contacted IPs

                        • No. of IPs < 25%
                        • 25% < No. of IPs < 50%
                        • 50% < No. of IPs < 75%
                        • 75% < No. of IPs

                        Public IPs

                        IPDomainCountryFlagASNASN NameMalicious
                        104.102.49.254
                        		steamcommunity.comUnited States
                        		16625AKAMAI-ASUStrue
                        172.67.206.204
                        		sergei-esenin.comUnited States
                        		13335CLOUDFLARENETUStrue

                        General Information

                        Joe Sandbox version:41.0.0 Charoite
                        Analysis ID:1532898
                        Start date and time:2024-10-14 06:01:06 +02:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 5m 8s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:12
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:file.exe
                        Detection:MAL
                        Classification:mal100.troj.evad.winEXE@4/9@10/2
                        EGA Information:
                        • Successful, ratio: 100%
                        HCA Information:Failed
                        Cookbook Comments:
                        • Found application associated with file extension: .exe

                        Warnings

                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                        • Excluded IPs from analysis (whitelisted): 20.189.173.22
                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.

                        Simulations

                        Behavior and APIs

                        TimeTypeDescription
                        00:02:08API Interceptor4x Sleep call for process: file.exe modified
                        00:02:33API Interceptor2x Sleep call for process: WerFault.exe modified

                        Joe Sandbox View / Context

                        IPs

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                        • www.valvesoftware.com/legal.htm
                        172.67.206.204SoftWare.exeGet hashmaliciousLummaCBrowse
                          SoftWare(2).exeGet hashmaliciousLummaCBrowse
                            file.exeGet hashmaliciousLummaCBrowse
                              file.exeGet hashmaliciousLummaCBrowse
                                file.exeGet hashmaliciousLummaCBrowse
                                  file.exeGet hashmaliciousLummaCBrowse
                                    SecuriteInfo.com.Win32.Evo-gen.15503.22039.exeGet hashmaliciousLummaCBrowse
                                      SecuriteInfo.com.Variant.Lazy.606929.21165.21266.exeGet hashmaliciousLummaCBrowse
                                        file.exeGet hashmaliciousLummaCBrowse
                                          file.exeGet hashmaliciousLummaCBrowse

                                            Domains

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            sergei-esenin.comSoftWare.exeGet hashmaliciousLummaCBrowse
                                            • 104.21.53.8
                                            SoftWare.exeGet hashmaliciousLummaCBrowse
                                            • 172.67.206.204
                                            SoftWare(2).exeGet hashmaliciousLummaCBrowse
                                            • 172.67.206.204
                                            SoftWare(1).exeGet hashmaliciousLummaCBrowse
                                            • 104.21.53.8
                                            file.exeGet hashmaliciousLummaCBrowse
                                            • 172.67.206.204
                                            file.exeGet hashmaliciousLummaCBrowse
                                            • 172.67.206.204
                                            file.exeGet hashmaliciousLummaCBrowse
                                            • 104.21.53.8
                                            file.exeGet hashmaliciousLummaCBrowse
                                            • 172.67.206.204
                                            file.exeGet hashmaliciousLummaCBrowse
                                            • 172.67.206.204
                                            SecuriteInfo.com.Win32.Evo-gen.15503.22039.exeGet hashmaliciousLummaCBrowse
                                            • 172.67.206.204
                                            steamcommunity.comSoftWare.exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            SoftWare.exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            SoftWare(2).exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            SoftWare(1).exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            file.exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            file.exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            file.exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            file.exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            file.exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            file.exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254

                                            ASNs

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            CLOUDFLARENETUShttps://totalcanterbury0.sharefile.com/public/share/web-034ada86e7d04d74Get hashmaliciousUnknownBrowse
                                            • 172.67.74.152
                                            arm5.nn-20241014-0317.elfGet hashmaliciousMirai, OkiruBrowse
                                            • 1.13.112.124
                                            SoftWare.exeGet hashmaliciousLummaCBrowse
                                            • 104.21.79.35
                                            SoftWare.exeGet hashmaliciousLummaCBrowse
                                            • 172.67.206.204
                                            SoftWare(2).exeGet hashmaliciousLummaCBrowse
                                            • 172.67.206.204
                                            SoftWare(1).exeGet hashmaliciousLummaCBrowse
                                            • 104.21.46.170
                                            Compliance_Report_Final_Q3_8c3f5541a91374b5bf18ac88017a597742a1891a.htmlGet hashmaliciousHTMLPhisherBrowse
                                            • 104.17.25.14
                                            https://aa.ns.agingbydesignministry.org/?company=john_smith@company.com/1/01020192845e78dd-2d6e57c1-2477-4368-9808-e405234d7366-000000/JciFxQG6yOVw83-lKIliC63cjw4=395Get hashmaliciousHTMLPhisherBrowse
                                            • 1.1.1.1
                                            file.exeGet hashmaliciousLummaCBrowse
                                            • 172.67.206.204
                                            file.exeGet hashmaliciousLummaCBrowse
                                            • 172.67.206.204
                                            AKAMAI-ASUSarm5.nn-20241014-0317.elfGet hashmaliciousMirai, OkiruBrowse
                                            • 104.117.28.226
                                            arm7.nn-20241014-0317.elfGet hashmaliciousMirai, OkiruBrowse
                                            • 104.124.6.21
                                            SoftWare.exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            SoftWare.exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            SoftWare(2).exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            SoftWare(1).exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            file.exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            file.exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            file.exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            file.exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254

                                            JA3 Fingerprints

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            a0e9f5d64349fb13191bc781f81f42e1SoftWare.exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            • 172.67.206.204
                                            SoftWare.exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            • 172.67.206.204
                                            SoftWare(2).exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            • 172.67.206.204
                                            SoftWare(1).exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            • 172.67.206.204
                                            file.exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            • 172.67.206.204
                                            FACTURA.cmdGet hashmaliciousDBatLoaderBrowse
                                            • 104.102.49.254
                                            • 172.67.206.204
                                            file.exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            • 172.67.206.204
                                            file.exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            • 172.67.206.204
                                            20Listen.emlGet hashmaliciousHTMLPhisherBrowse
                                            • 104.102.49.254
                                            • 172.67.206.204
                                            file.exeGet hashmaliciousLummaCBrowse
                                            • 104.102.49.254
                                            • 172.67.206.204

                                            Dropped Files

                                            No context

                                            Created / dropped Files

                                            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_10ade8c62e1e5b932c9965c096b42c43be687_852b229c_5b3260ed-724a-42b7-8cd0-f6e1e5b02db9\Report.wer

                                            Download File
                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):65536
                                            Entropy (8bit):1.0614330394083293
                                            Encrypted:false
                                            SSDEEP:192:PScJDSLVMv7PlR00Hzr/I3juFSnDRzuiF9Z24IO8TVB:RL7NS0Hzr4jDdzuiF9Y4IO8X
                                            MD5:C84AC90A9A785813B4DD374303AE6E8A
                                            SHA1:9CD8962B28C1CF08216675FD594C56298EC9878E
                                            SHA-256:36B66FA956CA2083A7E2219A59571A17D45C859914C9E801583575AFA9B86280
                                            SHA-512:E6B56F065B59440AD27B983300C72A31C76CE6E17B67AFEB39FF9833C69E7AADECFF5DA0D467E57C6D050E41E861ED2D9E8BFB1E621F8EC1B56DEB9724C5DD55
                                            Malicious:true
                                            Reputation:low
                                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.3.5.2.1.3.6.0.0.6.6.9.6.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.3.5.2.1.3.8.0.8.4.8.1.1.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.b.3.2.6.0.e.d.-.7.2.4.a.-.4.2.b.7.-.8.c.d.0.-.f.6.e.1.e.5.b.0.2.d.b.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.4.b.d.d.8.4.0.-.c.8.d.8.-.4.6.5.d.-.8.3.5.3.-.f.c.b.1.3.a.7.6.2.f.8.e.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.9.2.0.-.0.0.0.1.-.0.0.1.4.-.4.f.f.d.-.a.d.d.5.e.d.1.d.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.e.4.9.2.d.7.6.8.e.7.9.7.3.1.6.2.4.b.c.d.f.2.e.7.6.1.5.f.9.1.8.0.0.0.0.f.f.f.f.!.0.0.0.0.d.d.0.f.6.8.f.3.0.a.7.0.4.6.7.4.9.d.0.6.f.1.0.b.2.5.9.6.a.e.a.0.2.e.3.3.c.d.2.b.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.0.

                                            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_51d3ab169e1892723c87a9e6928df66633d59e12_852b229c_53dca978-770f-4bbd-b782-bf3ee498f1fa\Report.wer

                                            Download File
                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):65536
                                            Entropy (8bit):1.0568826820053674
                                            Encrypted:false
                                            SSDEEP:192:PIzFcLVMvUPlA0ULPcI3juFSnDRzuiF9Z24IO8TVB:AUNbULPbjDdzuiF9Y4IO8X
                                            MD5:7F627E820782F41E9AC808804D4116AF
                                            SHA1:66BCE6F268A7C1B5C7F92FD345F41B32F12DE8B8
                                            SHA-256:491D1E1A593A005CAD9BDA132A4B3667C6DAF2774532AC5C26D487A1C054E94C
                                            SHA-512:11C63688A88639788318BFFB919309D88C8DC59FE6A4AFD26181EB1992215AA81B84AAF8B11ED9668AF0408CB064FEE04B2C2AB642D0465C7ACDF7E06258ECE8
                                            Malicious:true
                                            Reputation:low
                                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.3.5.2.1.5.4.1.7.4.5.5.3.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.3.5.2.1.5.4.5.8.0.7.9.3.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.3.d.c.a.9.7.8.-.7.7.0.f.-.4.b.b.d.-.b.7.8.2.-.b.f.3.e.e.4.9.8.f.1.f.a.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.4.9.1.1.f.a.9.-.b.c.d.0.-.4.1.7.c.-.a.f.b.2.-.b.e.4.e.0.d.7.4.6.c.d.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.9.2.0.-.0.0.0.1.-.0.0.1.4.-.4.f.f.d.-.a.d.d.5.e.d.1.d.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.e.4.9.2.d.7.6.8.e.7.9.7.3.1.6.2.4.b.c.d.f.2.e.7.6.1.5.f.9.1.8.0.0.0.0.f.f.f.f.!.0.0.0.0.d.d.0.f.6.8.f.3.0.a.7.0.4.6.7.4.9.d.0.6.f.1.0.b.2.5.9.6.a.e.a.0.2.e.3.3.c.d.2.b.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.0.

                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER14D.tmp.WERInternalMetadata.xml

                                            Download File
                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):8296
                                            Entropy (8bit):3.6946497523330506
                                            Encrypted:false
                                            SSDEEP:192:R6l7wVeJ8Cb64hB6Y9FSU9cOFgmfBYJdTpDy89bLtsfMZm:R6lXJ/6g6Y/SU9c0gmf6JddLmfP
                                            MD5:1CC46192C6259C5478CED1FB6892EE06
                                            SHA1:6507C18FEC0ED7B060D3D823F530C4489B7A7171
                                            SHA-256:491A81ED05FE35C1A5958978C80103622D47181C2BAA723590EC7AD35EADAD36
                                            SHA-512:377BDD49BA3458358286677423B8C745461A92DD63F17E19ED8A3BD2D611FB67552AC3384D4AC4B10B1EAE1B16F5620FC9667867A7ACE12CEA1B6B1596518E29
                                            Malicious:false
                                            Reputation:low
                                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.3.3.6.<./.P.i.

                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER16E.tmp.xml

                                            Download File
                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):4560
                                            Entropy (8bit):4.426909273076922
                                            Encrypted:false
                                            SSDEEP:48:cvIwWl8zs1Jg77aI9YDWpW8VY5Ym8M4JjmFKv+q8LKWT61d:uIjfPI7+y7VJJLrWT61d
                                            MD5:5A028015B8D659D07A570BB028114F1B
                                            SHA1:3B7FDFE05280517FBFB0A381552B46B360B0F0FB
                                            SHA-256:BF4E6745A547EBF8F6F01F64BC0DD3947E87BA9E537BD576FEE460B7764A7B0B
                                            SHA-512:68FA939A2A5C87DF26F759E626ABF1BE53278DADE8281E0BB0C237F320A8AA7E51C0C109FDA0AB519B3FB91FDBA27E18770B5C43B0C8D2C7606EB6077303B1EE
                                            Malicious:false
                                            Reputation:low
                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="542585" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER72.tmp.dmp

                                            Download File
                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                            File Type:Mini DuMP crash report, 15 streams, Mon Oct 14 04:02:34 2024, 0x1205a4 type
                                            Category:dropped
                                            Size (bytes):278390
                                            Entropy (8bit):1.5432941341684288
                                            Encrypted:false
                                            SSDEEP:768:yfQbAB5nYjJ0sfv0TPbqrzIDmbKYLAc40C:0QdfvgPbqrzIDmuYLH40C
                                            MD5:DA3EE3B26ABF1757FEB2BAFBF1520434
                                            SHA1:A719F57115206A3F0AB5FC765EA8A99B9116B826
                                            SHA-256:75119CA3201C061F22AD31AB494FF5A14CA5D7B6384CE1B089DF1CFA2909E225
                                            SHA-512:F0F8D64D55703747D67DE538D70BBC6A6A92D392657A1594AF3A5863BF39D46F67039A1A6EA9F7B3214426C52473B26922A5411BA29044C711BEA929D058D5E3
                                            Malicious:false
                                            Reputation:low
                                            Preview:MDMP..a..... .........g........................T...........,....&.....................`.......8...........T............K..............((...........*..............................................................................eJ.......*......GenuineIntel............T....... ......g.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WERB9A5.tmp.dmp

                                            Download File
                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                            File Type:Mini DuMP crash report, 15 streams, Mon Oct 14 04:02:17 2024, 0x1205a4 type
                                            Category:dropped
                                            Size (bytes):282378
                                            Entropy (8bit):1.5392183625366482
                                            Encrypted:false
                                            SSDEEP:384:Ub5C6Ebu1UvlAB5AXcYVNa7eJuQmDiNbNzfJTjJ0uWF50i8Tke30GG9KhPf+vPw1:UboPVlAB5ArjNNqfv0QPzqrzKMmSnR
                                            MD5:A36813981A5D2D2D6C019F9E11C4723F
                                            SHA1:DC50B459018B621D33EFEE0021966670842E7634
                                            SHA-256:A8E53814F93A8510BE6CA410057154CAE91CB04581BE27695B82664286BC6528
                                            SHA-512:46F085ED2D538FB59B7E2F624A7CDE27296B6DCDD276CBDCCFCABFFCF81466DDE76A4354CE7852BB1AB46A0ABD560314BD3B5565736690854388EEAC0E291F40
                                            Malicious:false
                                            Reputation:low
                                            Preview:MDMP..a..... .........g........................T...........,....&.....................`.......8...........T............K..2...........((...........*..............................................................................eJ.......*......GenuineIntel............T....... ......g.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WERC00E.tmp.WERInternalMetadata.xml

                                            Download File
                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):8362
                                            Entropy (8bit):3.701892865029331
                                            Encrypted:false
                                            SSDEEP:192:R6l7wVeJ8Cj+64hUf6Y9JSU9IfpRgmfB/JJmppr189bStsfNmm:R6lXJP+636YDSU9IfpRgmf5JJmWSmf1
                                            MD5:0C21B338DBA961A9453BBBD80EB68566
                                            SHA1:707460439D5A8583E63422C944C3C7C7FBBA1A3C
                                            SHA-256:F3E20EB506F6CA0CBE45669964D2AE17B7571EBED946181F8FCA5B47AC38193D
                                            SHA-512:CC0F991527F7811E486F120880F336B4CDE86B81E62352CBC7175D16E79F2171F5BAF60155911E4C96A3A65AFFA18ADE9F23853AFC3FD392E4FB1D17C5C54DB4
                                            Malicious:false
                                            Reputation:low
                                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.3.3.6.<./.P.i.

                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WERC07D.tmp.xml

                                            Download File
                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):4610
                                            Entropy (8bit):4.483359968294019
                                            Encrypted:false
                                            SSDEEP:48:cvIwWl8zseJg77aI9YDWpW8VYoYm8M4JjZF/+q8TLWT61d:uIjfUI7+y7VQJP8WT61d
                                            MD5:99846B91EF5A59F574A3D2D4A6A636FC
                                            SHA1:5E67641A55178E8776353FDEE59B126026525EA3
                                            SHA-256:CC3310954EB018DBA5B1EC3455F27B27A7585EFA418AA5B00FF4A7164DBF5554
                                            SHA-512:5A480CBE8BCDB4626211954C04AF6647F99EB4DBA86E87666234433994A679024DAF922B6266A11570E893E2302F3E7306A098C3378B5DF0DCE9A687D581C49E
                                            Malicious:false
                                            Reputation:low
                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="542584" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                            C:\Windows\appcompat\Programs\Amcache.hve

                                            Download File
                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                            File Type:MS Windows registry file, NT/2000 or above
                                            Category:dropped
                                            Size (bytes):1835008
                                            Entropy (8bit):4.465299211998709
                                            Encrypted:false
                                            SSDEEP:6144:eIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNPdwBCswSbE:zXD94+WlLZMM6YFH1+E
                                            MD5:5C2D86DDA1D0227AED00C97564F4A383
                                            SHA1:2786281F959EC5AAF9AC5CA564B31363A6B522A3
                                            SHA-256:BBE39EE1D5E18E06CB36F7751FF59F36F61F990B0F26188D12C42ED4F8A592E0
                                            SHA-512:A4CEA1AF2F6E20096252C1F00D891953570DD8D1E49E00232701EB484078FA1EE8D96B777D7EA50DE3C2F93B52D8FF30074C0256BDBDD9A3536B792E82EF3BF4
                                            Malicious:false
                                            Preview:regf7...7....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmf...................................................................................................................................................................................................................................................................................................................................................-r..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            Static File Info

                                            General

                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                            Entropy (8bit):6.5130261410797345
                                            TrID:
                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                            • DOS Executable Generic (2002/1) 0.02%
                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                            File name:file.exe
                                            File size:3'019'264 bytes
                                            MD5:4f245878a56ed4c45fb3fda19421eda8
                                            SHA1:dd0f68f30a7046749d06f10b2596aea02e33cd2b
                                            SHA256:8422d35cff599297ee418fba71f575fb965f1fa508eea453b70b20495c3e685f
                                            SHA512:871810e471a5ade2b77a19f8a09e473be259fb963d9783b5ef235d4c813cb76e9c6a4ea2a80c276214aae07dd0ce3688c88e6c7526a8bd91a87193a1ff1ffb15
                                            SSDEEP:49152:DLyDCqqV4wZNsEhoqD/qHdGdfTShX5QOLc7n:DDqqV4wTssowEEG1L2n
                                            TLSH:41D539A2E44571CFD48A1BB8912BCD82599D47F90B3448C3DDACE4BABE63CC611B6C35
                                            File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................1...........@...........................1.....Z.....@.................................W...k..

                                            File Icon

                                            Icon Hash:90cececece8e8eb0

                                            Static PE Info

                                            General

                                            Entrypoint:0x719000
                                            Entrypoint Section:.taggant
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                            DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                            Time Stamp:0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:6
                                            OS Version Minor:0
                                            File Version Major:6
                                            File Version Minor:0
                                            Subsystem Version Major:6
                                            Subsystem Version Minor:0
                                            Import Hash:2eabe9054cad5152567f0699947a2c5b

                                            Entrypoint Preview

                                            Instruction
                                            jmp 00007FE588DCB60Ah

                                            Data Directories

                                            NameVirtual AddressVirtual Size Is in Section
                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x5f0570x6b.idata
                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x5f1f80x8.idata
                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                            Sections

                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                            0x10000x5d0000x25e0055d5f99f0f850222a14a5ea58ca68644False0.9995874587458746data7.982457602769494IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                            .rsrc 0x5e0000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                            .idata 0x5f0000x10000x200fe72def8b74193a84232a780098a7ce0False0.150390625data1.04205214219471IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                            olqshizd0x600000x2b80000x2b7a006cd96d8f241ee8e19b50e818e44cbfd6unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                            fkdtcrjk0x3180000x10000x600efcf48c18255ef38dc518e001b6680f9False0.5618489583333334data4.964627916924472IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                            .taggant0x3190000x30000x2200173702d32c0500cbf14e39f7a4de808fFalse0.06364889705882353DOS executable (COM)0.7903335899864196IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                            Imports

                                            DLLImport
                                            kernel32.dlllstrcpy

                                            Network Behavior

                                            Suricata IDS Alerts

                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                            2024-10-14T06:02:09.411260+02002056471ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)1192.168.2.4553421.1.1.153UDP
                                            2024-10-14T06:02:09.423858+02002056485ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)1192.168.2.4599961.1.1.153UDP
                                            2024-10-14T06:02:09.435813+02002056483ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)1192.168.2.4639991.1.1.153UDP
                                            2024-10-14T06:02:09.446730+02002056481ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)1192.168.2.4495261.1.1.153UDP
                                            2024-10-14T06:02:09.458174+02002056479ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)1192.168.2.4590981.1.1.153UDP
                                            2024-10-14T06:02:09.469485+02002056477ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)1192.168.2.4525571.1.1.153UDP
                                            2024-10-14T06:02:09.480204+02002056475ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)1192.168.2.4621111.1.1.153UDP
                                            2024-10-14T06:02:09.492154+02002056473ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)1192.168.2.4560831.1.1.153UDP
                                            2024-10-14T06:02:10.854376+02002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.449730104.102.49.254443TCP
                                            2024-10-14T06:02:11.646383+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449731172.67.206.204443TCP
                                            2024-10-14T06:02:11.646383+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449731172.67.206.204443TCP
                                            2024-10-14T06:02:14.004167+02002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.449732172.67.206.204443TCP
                                            2024-10-14T06:02:14.004167+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449732172.67.206.204443TCP

                                            Network Port Distribution

                                            TCP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Oct 14, 2024 06:02:09.518909931 CEST49730443192.168.2.4104.102.49.254
                                            Oct 14, 2024 06:02:09.519005060 CEST44349730104.102.49.254192.168.2.4
                                            Oct 14, 2024 06:02:09.519099951 CEST49730443192.168.2.4104.102.49.254
                                            Oct 14, 2024 06:02:09.522371054 CEST49730443192.168.2.4104.102.49.254
                                            Oct 14, 2024 06:02:09.522391081 CEST44349730104.102.49.254192.168.2.4
                                            Oct 14, 2024 06:02:10.266798973 CEST44349730104.102.49.254192.168.2.4
                                            Oct 14, 2024 06:02:10.267030001 CEST49730443192.168.2.4104.102.49.254
                                            Oct 14, 2024 06:02:10.272212029 CEST49730443192.168.2.4104.102.49.254
                                            Oct 14, 2024 06:02:10.272237062 CEST44349730104.102.49.254192.168.2.4
                                            Oct 14, 2024 06:02:10.272769928 CEST44349730104.102.49.254192.168.2.4
                                            Oct 14, 2024 06:02:10.318890095 CEST49730443192.168.2.4104.102.49.254
                                            Oct 14, 2024 06:02:10.401532888 CEST49730443192.168.2.4104.102.49.254
                                            Oct 14, 2024 06:02:10.443429947 CEST44349730104.102.49.254192.168.2.4
                                            Oct 14, 2024 06:02:10.854377985 CEST44349730104.102.49.254192.168.2.4
                                            Oct 14, 2024 06:02:10.854403019 CEST44349730104.102.49.254192.168.2.4
                                            Oct 14, 2024 06:02:10.854476929 CEST44349730104.102.49.254192.168.2.4
                                            Oct 14, 2024 06:02:10.854526043 CEST44349730104.102.49.254192.168.2.4
                                            Oct 14, 2024 06:02:10.854520082 CEST49730443192.168.2.4104.102.49.254
                                            Oct 14, 2024 06:02:10.854593039 CEST44349730104.102.49.254192.168.2.4
                                            Oct 14, 2024 06:02:10.854624033 CEST44349730104.102.49.254192.168.2.4
                                            Oct 14, 2024 06:02:10.854654074 CEST49730443192.168.2.4104.102.49.254
                                            Oct 14, 2024 06:02:10.854654074 CEST49730443192.168.2.4104.102.49.254
                                            Oct 14, 2024 06:02:10.854654074 CEST49730443192.168.2.4104.102.49.254
                                            Oct 14, 2024 06:02:10.854691982 CEST49730443192.168.2.4104.102.49.254
                                            Oct 14, 2024 06:02:10.981868982 CEST44349730104.102.49.254192.168.2.4
                                            Oct 14, 2024 06:02:10.981895924 CEST44349730104.102.49.254192.168.2.4
                                            Oct 14, 2024 06:02:10.982008934 CEST49730443192.168.2.4104.102.49.254
                                            Oct 14, 2024 06:02:10.982079029 CEST44349730104.102.49.254192.168.2.4
                                            Oct 14, 2024 06:02:10.982114077 CEST49730443192.168.2.4104.102.49.254
                                            Oct 14, 2024 06:02:10.982136965 CEST49730443192.168.2.4104.102.49.254
                                            Oct 14, 2024 06:02:10.988842964 CEST44349730104.102.49.254192.168.2.4
                                            Oct 14, 2024 06:02:10.988954067 CEST44349730104.102.49.254192.168.2.4
                                            Oct 14, 2024 06:02:10.988992929 CEST49730443192.168.2.4104.102.49.254
                                            Oct 14, 2024 06:02:10.989041090 CEST49730443192.168.2.4104.102.49.254
                                            Oct 14, 2024 06:02:11.014372110 CEST49730443192.168.2.4104.102.49.254
                                            Oct 14, 2024 06:02:11.014415026 CEST44349730104.102.49.254192.168.2.4
                                            Oct 14, 2024 06:02:11.014442921 CEST49730443192.168.2.4104.102.49.254
                                            Oct 14, 2024 06:02:11.014457941 CEST44349730104.102.49.254192.168.2.4
                                            Oct 14, 2024 06:02:11.044862986 CEST49731443192.168.2.4172.67.206.204
                                            Oct 14, 2024 06:02:11.044914007 CEST44349731172.67.206.204192.168.2.4
                                            Oct 14, 2024 06:02:11.045007944 CEST49731443192.168.2.4172.67.206.204
                                            Oct 14, 2024 06:02:11.045352936 CEST49731443192.168.2.4172.67.206.204
                                            Oct 14, 2024 06:02:11.045373917 CEST44349731172.67.206.204192.168.2.4
                                            Oct 14, 2024 06:02:11.527852058 CEST44349731172.67.206.204192.168.2.4
                                            Oct 14, 2024 06:02:11.527965069 CEST49731443192.168.2.4172.67.206.204
                                            Oct 14, 2024 06:02:11.531795025 CEST49731443192.168.2.4172.67.206.204
                                            Oct 14, 2024 06:02:11.531806946 CEST44349731172.67.206.204192.168.2.4
                                            Oct 14, 2024 06:02:11.532073975 CEST44349731172.67.206.204192.168.2.4
                                            Oct 14, 2024 06:02:11.533644915 CEST49731443192.168.2.4172.67.206.204
                                            Oct 14, 2024 06:02:11.533688068 CEST49731443192.168.2.4172.67.206.204
                                            Oct 14, 2024 06:02:11.533747911 CEST44349731172.67.206.204192.168.2.4
                                            Oct 14, 2024 06:02:11.646167040 CEST44349731172.67.206.204192.168.2.4
                                            Oct 14, 2024 06:02:11.646195889 CEST44349731172.67.206.204192.168.2.4
                                            Oct 14, 2024 06:02:11.646217108 CEST44349731172.67.206.204192.168.2.4
                                            Oct 14, 2024 06:02:11.646235943 CEST44349731172.67.206.204192.168.2.4
                                            Oct 14, 2024 06:02:11.646308899 CEST44349731172.67.206.204192.168.2.4
                                            Oct 14, 2024 06:02:11.646337986 CEST49731443192.168.2.4172.67.206.204
                                            Oct 14, 2024 06:02:11.646409988 CEST49731443192.168.2.4172.67.206.204
                                            Oct 14, 2024 06:02:11.713391066 CEST49731443192.168.2.4172.67.206.204
                                            Oct 14, 2024 06:02:11.713391066 CEST49731443192.168.2.4172.67.206.204
                                            Oct 14, 2024 06:02:11.713432074 CEST44349731172.67.206.204192.168.2.4
                                            Oct 14, 2024 06:02:11.713445902 CEST44349731172.67.206.204192.168.2.4
                                            Oct 14, 2024 06:02:12.257200956 CEST49732443192.168.2.4172.67.206.204
                                            Oct 14, 2024 06:02:12.257246971 CEST44349732172.67.206.204192.168.2.4
                                            Oct 14, 2024 06:02:12.257345915 CEST49732443192.168.2.4172.67.206.204
                                            Oct 14, 2024 06:02:12.257750988 CEST49732443192.168.2.4172.67.206.204
                                            Oct 14, 2024 06:02:12.257769108 CEST44349732172.67.206.204192.168.2.4
                                            Oct 14, 2024 06:02:13.441289902 CEST44349732172.67.206.204192.168.2.4
                                            Oct 14, 2024 06:02:13.441370010 CEST49732443192.168.2.4172.67.206.204
                                            Oct 14, 2024 06:02:13.443490982 CEST49732443192.168.2.4172.67.206.204
                                            Oct 14, 2024 06:02:13.443501949 CEST44349732172.67.206.204192.168.2.4
                                            Oct 14, 2024 06:02:13.443978071 CEST44349732172.67.206.204192.168.2.4
                                            Oct 14, 2024 06:02:13.445668936 CEST49732443192.168.2.4172.67.206.204
                                            Oct 14, 2024 06:02:13.445709944 CEST49732443192.168.2.4172.67.206.204
                                            Oct 14, 2024 06:02:13.445794106 CEST44349732172.67.206.204192.168.2.4
                                            Oct 14, 2024 06:02:14.004180908 CEST44349732172.67.206.204192.168.2.4
                                            Oct 14, 2024 06:02:14.004288912 CEST44349732172.67.206.204192.168.2.4
                                            Oct 14, 2024 06:02:14.004364967 CEST49732443192.168.2.4172.67.206.204
                                            Oct 14, 2024 06:02:14.004617929 CEST49732443192.168.2.4172.67.206.204
                                            Oct 14, 2024 06:02:14.004642963 CEST44349732172.67.206.204192.168.2.4
                                            Oct 14, 2024 06:02:14.004656076 CEST49732443192.168.2.4172.67.206.204
                                            Oct 14, 2024 06:02:14.004664898 CEST44349732172.67.206.204192.168.2.4

                                            UDP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Oct 14, 2024 06:02:09.411259890 CEST5534253192.168.2.41.1.1.1
                                            Oct 14, 2024 06:02:09.420880079 CEST53553421.1.1.1192.168.2.4
                                            Oct 14, 2024 06:02:09.423857927 CEST5999653192.168.2.41.1.1.1
                                            Oct 14, 2024 06:02:09.432836056 CEST53599961.1.1.1192.168.2.4
                                            Oct 14, 2024 06:02:09.435812950 CEST6399953192.168.2.41.1.1.1
                                            Oct 14, 2024 06:02:09.444202900 CEST53639991.1.1.1192.168.2.4
                                            Oct 14, 2024 06:02:09.446729898 CEST4952653192.168.2.41.1.1.1
                                            Oct 14, 2024 06:02:09.455990076 CEST53495261.1.1.1192.168.2.4
                                            Oct 14, 2024 06:02:09.458173990 CEST5909853192.168.2.41.1.1.1
                                            Oct 14, 2024 06:02:09.466952085 CEST53590981.1.1.1192.168.2.4
                                            Oct 14, 2024 06:02:09.469485044 CEST5255753192.168.2.41.1.1.1
                                            Oct 14, 2024 06:02:09.478029966 CEST53525571.1.1.1192.168.2.4
                                            Oct 14, 2024 06:02:09.480204105 CEST6211153192.168.2.41.1.1.1
                                            Oct 14, 2024 06:02:09.489736080 CEST53621111.1.1.1192.168.2.4
                                            Oct 14, 2024 06:02:09.492153883 CEST5608353192.168.2.41.1.1.1
                                            Oct 14, 2024 06:02:09.501205921 CEST53560831.1.1.1192.168.2.4
                                            Oct 14, 2024 06:02:09.506998062 CEST5037153192.168.2.41.1.1.1
                                            Oct 14, 2024 06:02:09.514245033 CEST53503711.1.1.1192.168.2.4
                                            Oct 14, 2024 06:02:11.031084061 CEST6191453192.168.2.41.1.1.1
                                            Oct 14, 2024 06:02:11.043972015 CEST53619141.1.1.1192.168.2.4

                                            DNS Queries

                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                            Oct 14, 2024 06:02:09.411259890 CEST192.168.2.41.1.1.10x3784Standard query (0)clearancek.siteA (IP address)IN (0x0001)false
                                            Oct 14, 2024 06:02:09.423857927 CEST192.168.2.41.1.1.10x3dd9Standard query (0)mobbipenju.storeA (IP address)IN (0x0001)false
                                            Oct 14, 2024 06:02:09.435812950 CEST192.168.2.41.1.1.10x5587Standard query (0)eaglepawnoy.storeA (IP address)IN (0x0001)false
                                            Oct 14, 2024 06:02:09.446729898 CEST192.168.2.41.1.1.10xb59eStandard query (0)dissapoiznw.storeA (IP address)IN (0x0001)false
                                            Oct 14, 2024 06:02:09.458173990 CEST192.168.2.41.1.1.10x5a4fStandard query (0)studennotediw.storeA (IP address)IN (0x0001)false
                                            Oct 14, 2024 06:02:09.469485044 CEST192.168.2.41.1.1.10xc1e1Standard query (0)bathdoomgaz.storeA (IP address)IN (0x0001)false
                                            Oct 14, 2024 06:02:09.480204105 CEST192.168.2.41.1.1.10x7a93Standard query (0)spirittunek.storeA (IP address)IN (0x0001)false
                                            Oct 14, 2024 06:02:09.492153883 CEST192.168.2.41.1.1.10x500Standard query (0)licendfilteo.siteA (IP address)IN (0x0001)false
                                            Oct 14, 2024 06:02:09.506998062 CEST192.168.2.41.1.1.10x7795Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                            Oct 14, 2024 06:02:11.031084061 CEST192.168.2.41.1.1.10x902aStandard query (0)sergei-esenin.comA (IP address)IN (0x0001)false

                                            DNS Answers

                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                            Oct 14, 2024 06:02:09.420880079 CEST1.1.1.1192.168.2.40x3784Name error (3)clearancek.sitenonenoneA (IP address)IN (0x0001)false
                                            Oct 14, 2024 06:02:09.432836056 CEST1.1.1.1192.168.2.40x3dd9Name error (3)mobbipenju.storenonenoneA (IP address)IN (0x0001)false
                                            Oct 14, 2024 06:02:09.444202900 CEST1.1.1.1192.168.2.40x5587Name error (3)eaglepawnoy.storenonenoneA (IP address)IN (0x0001)false
                                            Oct 14, 2024 06:02:09.455990076 CEST1.1.1.1192.168.2.40xb59eName error (3)dissapoiznw.storenonenoneA (IP address)IN (0x0001)false
                                            Oct 14, 2024 06:02:09.466952085 CEST1.1.1.1192.168.2.40x5a4fName error (3)studennotediw.storenonenoneA (IP address)IN (0x0001)false
                                            Oct 14, 2024 06:02:09.478029966 CEST1.1.1.1192.168.2.40xc1e1Name error (3)bathdoomgaz.storenonenoneA (IP address)IN (0x0001)false
                                            Oct 14, 2024 06:02:09.489736080 CEST1.1.1.1192.168.2.40x7a93Name error (3)spirittunek.storenonenoneA (IP address)IN (0x0001)false
                                            Oct 14, 2024 06:02:09.501205921 CEST1.1.1.1192.168.2.40x500Name error (3)licendfilteo.sitenonenoneA (IP address)IN (0x0001)false
                                            Oct 14, 2024 06:02:09.514245033 CEST1.1.1.1192.168.2.40x7795No error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false
                                            Oct 14, 2024 06:02:11.043972015 CEST1.1.1.1192.168.2.40x902aNo error (0)sergei-esenin.com172.67.206.204A (IP address)IN (0x0001)false
                                            Oct 14, 2024 06:02:11.043972015 CEST1.1.1.1192.168.2.40x902aNo error (0)sergei-esenin.com104.21.53.8A (IP address)IN (0x0001)false

                                            HTTP Request Dependency Graph

                                            • steamcommunity.com
                                            • sergei-esenin.com

                                            HTTPS Proxied Packets

                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            0192.168.2.449730104.102.49.2544432336C:\Users\user\Desktop\file.exe
                                            TimestampBytes transferredDirectionData
                                            2024-10-14 04:02:10 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                            Connection: Keep-Alive
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                            Host: steamcommunity.com
                                            2024-10-14 04:02:10 UTC1870INHTTP/1.1 200 OK
                                            Server: nginx
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                            Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                            Cache-Control: no-cache
                                            Date: Mon, 14 Oct 2024 04:02:10 GMT
                                            Content-Length: 34837
                                            Connection: close
                                            Set-Cookie: sessionid=d9b4d974260e197745e81065; Path=/; Secure; SameSite=None
                                            Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                            2024-10-14 04:02:10 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                            Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                            2024-10-14 04:02:10 UTC16384INData Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f
                                            Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
                                            2024-10-14 04:02:10 UTC3768INData Raw: 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29
                                            Data Ascii: <div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
                                            2024-10-14 04:02:10 UTC171INData Raw: 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                            Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            1192.168.2.449731172.67.206.2044432336C:\Users\user\Desktop\file.exe
                                            TimestampBytes transferredDirectionData
                                            2024-10-14 04:02:11 UTC264OUTPOST /api HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                            Content-Length: 8
                                            Host: sergei-esenin.com
                                            2024-10-14 04:02:11 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                            Data Ascii: act=life
                                            2024-10-14 04:02:11 UTC551INHTTP/1.1 200 OK
                                            Date: Mon, 14 Oct 2024 04:02:11 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Transfer-Encoding: chunked
                                            Connection: close
                                            X-Frame-Options: SAMEORIGIN
                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xFN1hyOLXHQsdkjtjguI5rMqgJPK4Y%2Bccg%2BULTyq1yQcUDVzu7uzhb29iWkWROb4USShF7GPAIkbCOIfWMqXQZU46bpvbddy4irr9OnhRpS8XwoItvA0xyW9QjPrxuaoqh6faQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                            Server: cloudflare
                                            CF-RAY: 8d24ac26797019d7-EWR
                                            2024-10-14 04:02:11 UTC818INData Raw: 31 31 35 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                                            Data Ascii: 1151<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                                            2024-10-14 04:02:11 UTC1369INData Raw: 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b
                                            Data Ascii: cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cook
                                            2024-10-14 04:02:11 UTC1369INData Raw: 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 20 6d 65 74 68 6f 64 3d 22 47 45 54 22 20 65 6e 63 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74
                                            Data Ascii: ent/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain"> <input
                                            2024-10-14 04:02:11 UTC885INData Raw: 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64
                                            Data Ascii: <span class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand
                                            2024-10-14 04:02:11 UTC5INData Raw: 30 0d 0a 0d 0a
                                            Data Ascii: 0


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            2192.168.2.449732172.67.206.2044432336C:\Users\user\Desktop\file.exe
                                            TimestampBytes transferredDirectionData
                                            2024-10-14 04:02:13 UTC354OUTPOST /api HTTP/1.1
                                            Connection: Keep-Alive
                                            Content-Type: application/x-www-form-urlencoded
                                            Cookie: __cf_mw_byp=PBl8_uAZ71ma5TmIb7rtXR6M7MUfeWV0I.l03.tWsC8-1728878531-0.0.1.1-/api
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                            Content-Length: 52
                                            Host: sergei-esenin.com
                                            2024-10-14 04:02:13 UTC52OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d
                                            Data Ascii: act=recive_message&ver=4.0&lid=4SD0y4--legendaryy&j=
                                            2024-10-14 04:02:14 UTC835INHTTP/1.1 200 OK
                                            Date: Mon, 14 Oct 2024 04:02:13 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Transfer-Encoding: chunked
                                            Connection: close
                                            Set-Cookie: PHPSESSID=084047lpqpkivi1mes7k027pga; expires=Thu, 06 Feb 2025 21:48:52 GMT; Max-Age=9999999; path=/
                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                            Cache-Control: no-store, no-cache, must-revalidate
                                            Pragma: no-cache
                                            cf-cache-status: DYNAMIC
                                            vary: accept-encoding
                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0xTPfuRav18OD3WPn7QKAHFnxJ9n2NayH5VcOs84ws%2F1G2hTpg9TWftW6YfjEU84JZTvTNC7x%2Fh%2B%2FhfSufEmiE%2FlSnSUEe5%2BgWWU5pRJxwKRCIKqbhnEQr7Divi%2F0Ivzyx3wiw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                            Server: cloudflare
                                            CF-RAY: 8d24ac327f2e1a1f-EWR
                                            alt-svc: h3=":443"; ma=86400
                                            2024-10-14 04:02:14 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                            Data Ascii: aerror #D12
                                            2024-10-14 04:02:14 UTC5INData Raw: 30 0d 0a 0d 0a
                                            Data Ascii: 0


                                            Statistics

                                            CPU Usage

                                            Click to jump to process

                                            Memory Usage

                                            Click to jump to process

                                            High Level Behavior Distribution

                                            Click to dive into process behavior distribution

                                            Behavior

                                            Click to jump to process

                                            System Behavior

                                            General

                                            Target ID:0
                                            Start time:00:02:06
                                            Start date:14/10/2024
                                            Path:C:\Users\user\Desktop\file.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\file.exe"
                                            Imagebase:0x980000
                                            File size:3'019'264 bytes
                                            MD5 hash:4F245878A56ED4C45FB3FDA19421EDA8
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:low
                                            Has exited:true

                                            General

                                            Target ID:4
                                            Start time:00:02:15
                                            Start date:14/10/2024
                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                            Wow64 process (32bit):true
                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 1900
                                            Imagebase:0xba0000
                                            File size:483'680 bytes
                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:5
                                            Start time:00:02:15
                                            Start date:14/10/2024
                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                            Wow64 process (32bit):true
                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 1916
                                            Imagebase:0xba0000
                                            File size:483'680 bytes
                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:10
                                            Start time:00:02:34
                                            Start date:14/10/2024
                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                            Wow64 process (32bit):true
                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 1952
                                            Imagebase:0xba0000
                                            File size:483'680 bytes
                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            Disassembly

                                            Reset < >

                                              Execution Graph

                                              Execution Coverage:2.6%
                                              Dynamic/Decrypted Code Coverage:0%
                                              Signature Coverage:36.7%
                                              Total number of Nodes:210
                                              Total number of Limit Nodes:16
                                              execution_graph 7867 98f058 7870 98f06d 7867->7870 7871 98fca0 7870->7871 7873 98fcdc 7871->7873 7872 98f0f9 7873->7872 7874 9c3220 RtlFreeHeap 7873->7874 7874->7872 7749 99049b 7753 990227 7749->7753 7750 990455 7752 9c5700 RtlFreeHeap 7750->7752 7754 990308 7752->7754 7753->7750 7753->7754 7755 9c5700 7753->7755 7756 9c571b 7755->7756 7758 9c5729 7755->7758 7756->7758 7759 9c3220 7756->7759 7758->7750 7760 9c32ac 7759->7760 7761 9c32a2 RtlFreeHeap 7759->7761 7762 9c3236 7759->7762 7760->7758 7761->7760 7762->7761 7911 99811b 7916 9c9b60 7911->7916 7913 9981ea 7915 99814a 7915->7913 7922 9c5bb0 LdrInitializeThunk 7915->7922 7918 9c9b85 7916->7918 7917 9c9c9e 7917->7915 7919 9c9bef 7918->7919 7923 9c5bb0 LdrInitializeThunk 7918->7923 7919->7917 7924 9c5bb0 LdrInitializeThunk 7919->7924 7922->7915 7923->7919 7924->7917 7763 98d110 7767 98d119 7763->7767 7764 98d2ee 7765 98d2e9 7772 9c56e0 7765->7772 7767->7764 7767->7765 7771 992f10 CoInitialize 7767->7771 7775 9c7180 7772->7775 7774 9c56e5 FreeLibrary 7774->7764 7776 9c7189 7775->7776 7776->7774 7997 996f91 7998 996fbc 7997->7998 7999 99702a 7998->7999 8003 9c5bb0 LdrInitializeThunk 7998->8003 8004 9c5bb0 LdrInitializeThunk 7999->8004 8002 9970d1 8003->7999 8004->8002 7782 9c99d0 7784 9c99f5 7782->7784 7783 9c9b0e 7786 9c9a5f 7784->7786 7788 9c5bb0 LdrInitializeThunk 7784->7788 7786->7783 7789 9c5bb0 LdrInitializeThunk 7786->7789 7788->7786 7789->7783 8016 98efd4 8017 9c3220 RtlFreeHeap 8016->8017 8018 98efdf 8017->8018 7875 99d457 7876 9c95b0 LdrInitializeThunk 7875->7876 7877 99d46b 7876->7877 7878 99d4a9 7877->7878 7880 99d4d6 7877->7880 7884 99d47a 7877->7884 7885 9c98f0 7877->7885 7878->7880 7878->7884 7889 9c99d0 7878->7889 7880->7884 7895 9c5bb0 LdrInitializeThunk 7880->7895 7883 99d6db 7886 9c9918 7885->7886 7887 9c997e 7886->7887 7896 9c5bb0 LdrInitializeThunk 7886->7896 7887->7878 7891 9c99f5 7889->7891 7890 9c9b0e 7890->7880 7893 9c9a5f 7891->7893 7897 9c5bb0 LdrInitializeThunk 7891->7897 7893->7890 7898 9c5bb0 LdrInitializeThunk 7893->7898 7895->7883 7896->7887 7897->7893 7898->7890 7859 999809 7862 9c9410 7859->7862 7861 999848 7864 9c9430 7862->7864 7863 9c954e 7863->7861 7864->7863 7866 9c5bb0 LdrInitializeThunk 7864->7866 7866->7863 8044 99e30b 8045 99e320 8044->8045 8049 99e34e 8044->8049 8046 9c3e30 LdrInitializeThunk 8045->8046 8046->8049 8047 9c3220 RtlFreeHeap 8048 99e5a2 8047->8048 8050 9c3e30 LdrInitializeThunk 8049->8050 8056 99e560 8049->8056 8053 99e41c 8050->8053 8051 9c3e30 LdrInitializeThunk 8051->8053 8052 9c3220 RtlFreeHeap 8052->8053 8053->8051 8053->8052 8054 99e56a 8053->8054 8053->8056 8055 9c3220 RtlFreeHeap 8054->8055 8055->8056 8056->8047 7968 998e0d 7969 998e42 7968->7969 7973 998ea4 7969->7973 7974 9c5bb0 LdrInitializeThunk 7969->7974 7971 998fa3 7973->7971 7975 9c5bb0 LdrInitializeThunk 7973->7975 7974->7969 7975->7973 8019 9983ce 8022 998403 8019->8022 8020 99846d 8022->8020 8023 9c5bb0 LdrInitializeThunk 8022->8023 8023->8022 7982 9c4a40 7985 9c4a77 7982->7985 7983 9c4ad8 7984 9c4b6d 7983->7984 7991 9c3e30 7983->7991 7985->7983 7990 9c5bb0 LdrInitializeThunk 7985->7990 7988 9c4b29 7988->7984 7995 9c5bb0 LdrInitializeThunk 7988->7995 7990->7983 7993 9c3e45 7991->7993 7992 9c3ed0 7992->7988 7993->7992 7996 9c5bb0 LdrInitializeThunk 7993->7996 7995->7984 7996->7992 7928 99d93c 7929 9c98f0 LdrInitializeThunk 7928->7929 7930 99d952 7929->7930 8057 994b3c 8058 994b40 8057->8058 8059 9a42b0 LdrInitializeThunk 8058->8059 8060 995a97 8058->8060 8059->8060 7957 996ebf 7961 996a52 7957->7961 7959 9c3220 RtlFreeHeap 7959->7961 7961->7957 7961->7959 7962 9c3630 7961->7962 7966 9c5bb0 LdrInitializeThunk 7961->7966 7963 9c36be 7962->7963 7964 9c3640 7962->7964 7963->7961 7964->7963 7967 9c5bb0 LdrInitializeThunk 7964->7967 7966->7961 7967->7963 7777 9c95b0 7779 9c95d0 7777->7779 7778 9c970e 7779->7778 7781 9c5bb0 LdrInitializeThunk 7779->7781 7781->7778 7907 98edb5 7909 98edd0 7907->7909 7908 98fca0 RtlFreeHeap 7910 98ef70 7908->7910 7909->7908 7931 996536 7932 99655c 7931->7932 7935 9c32c0 7932->7935 7934 9968a4 7934->7934 7937 9c32f0 7935->7937 7936 9c3492 7936->7934 7940 9c333e 7937->7940 7943 9c5bb0 LdrInitializeThunk 7937->7943 7939 9c3220 RtlFreeHeap 7939->7936 7940->7936 7941 9c33fe 7940->7941 7944 9c5bb0 LdrInitializeThunk 7940->7944 7941->7939 7943->7940 7944->7941 7976 990228 7977 990455 7976->7977 7980 990242 7976->7980 7981 990308 7976->7981 7979 9c5700 RtlFreeHeap 7977->7979 7978 9c5700 RtlFreeHeap 7978->7977 7979->7981 7980->7977 7980->7978 7980->7981 7851 9968ab 7853 9968aa 7851->7853 7853->7851 7854 9c34d0 7853->7854 7855 9c359e 7854->7855 7856 9c34e1 7854->7856 7855->7853 7856->7855 7858 9c5bb0 LdrInitializeThunk 7856->7858 7858->7855 7790 992f6f CoInitializeSecurity 7791 98fca0 7793 98fcdc 7791->7793 7792 98ffe4 7793->7792 7794 9c3220 RtlFreeHeap 7793->7794 7794->7792 7953 99d961 7954 99d96e 7953->7954 7955 9c99d0 LdrInitializeThunk 7954->7955 7956 99d983 7955->7956 7956->7956 7795 992fe0 7797 992ffa 7795->7797 7796 993377 7797->7795 7797->7796 7798 9c3220 RtlFreeHeap 7797->7798 7799 9934cc 7797->7799 7798->7797 7816 9a9510 7799->7816 7801 993674 7824 9a9bb0 7801->7824 7817 9a956e 7816->7817 7817->7817 7828 9c9760 7817->7828 7819 9a98f7 7821 9a9908 7819->7821 7832 9a6cc0 7819->7832 7821->7801 7822 9a9768 7822->7819 7822->7821 7822->7822 7823 9c9760 LdrInitializeThunk 7822->7823 7823->7819 7825 9a9c51 7824->7825 7841 9a42b0 7825->7841 7827 9a9e05 7829 9c9780 7828->7829 7831 9c989e 7829->7831 7835 9c5bb0 LdrInitializeThunk 7829->7835 7831->7822 7836 9c95b0 7832->7836 7834 9a6d15 7835->7831 7838 9c95d0 7836->7838 7837 9c970e 7837->7834 7838->7837 7840 9c5bb0 LdrInitializeThunk 7838->7840 7840->7837 7842 9a42c0 7841->7842 7843 9c9760 LdrInitializeThunk 7842->7843 7844 9a4319 7843->7844 7845 9a6cc0 LdrInitializeThunk 7844->7845 7846 9a43d7 7844->7846 7845->7846 7846->7827 8061 99d760 8062 99d773 8061->8062 8062->8062 8063 9c95b0 LdrInitializeThunk 8062->8063 8064 99d92d 8063->8064 8027 993be2 8028 993be9 8027->8028 8030 993ea3 8028->8030 8032 993e36 8028->8032 8033 9c5bb0 LdrInitializeThunk 8028->8033 8030->8032 8034 9c5bb0 LdrInitializeThunk 8030->8034 8033->8030 8034->8032 7945 9c3920 7946 9c393c 7945->7946 7947 9c3a42 7946->7947 7949 9c5bb0 LdrInitializeThunk 7946->7949 7949->7947

                                              Executed Functions

                                              Function 0098FCA0 Relevance: 6.6, Strings: 5, Instructions: 373COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 236 98fca0-98fcda 237 98fd0b-98fe22 236->237 238 98fcdc-98fcdf 236->238 240 98fe5b-98fe8c 237->240 241 98fe24 237->241 239 98fce0-98fd09 call 992690 238->239 239->237 244 98fe8e-98fe8f 240->244 245 98feb6-98fec5 call 990b50 240->245 243 98fe30-98fe59 call 992760 241->243 243->240 249 98fe90-98feb4 call 992700 244->249 250 98feca-98fecf 245->250 249->245 254 98ffe4-98ffe6 250->254 255 98fed5-98fef8 250->255 258 9901b1-9901bb 254->258 256 98fefa 255->256 257 98ff2b-98ff2d 255->257 259 98ff00-98ff29 call 9927e0 256->259 260 98ff30-98ff3a 257->260 259->257 262 98ff3c-98ff3f 260->262 263 98ff41-98ff49 260->263 262->260 262->263 265 98ff4f-98ff76 263->265 266 9901a2-9901ad call 9c3220 263->266 268 98ff78 265->268 269 98ffab-98ffb5 265->269 266->258 273 98ff80-98ffa9 call 992840 268->273 270 98ffeb 269->270 271 98ffb7-98ffbb 269->271 276 98ffed-98ffef 270->276 275 98ffc7-98ffcb 271->275 273->269 278 99019a 275->278 279 98ffd1-98ffd8 275->279 276->278 280 98fff5-99002c 276->280 278->266 281 98ffda-98ffdc 279->281 282 98ffde 279->282 283 99005b-990065 280->283 284 99002e-99002f 280->284 281->282 287 98ffc0-98ffc5 282->287 288 98ffe0-98ffe2 282->288 285 9900a4 283->285 286 990067-99006f 283->286 289 990030-990059 call 9928a0 284->289 292 9900a6-9900a8 285->292 291 990087-99008b 286->291 287->275 287->276 288->287 289->283 291->278 294 990091-990098 291->294 292->278 295 9900ae-9900c5 292->295 296 99009a-99009c 294->296 297 99009e 294->297 298 9900fb-990102 295->298 299 9900c7 295->299 296->297 302 990080-990085 297->302 303 9900a0-9900a2 297->303 300 990130-99013c 298->300 301 990104-99010d 298->301 304 9900d0-9900f9 call 992900 299->304 306 9901c2-9901c7 300->306 305 990117-99011b 301->305 302->291 302->292 303->302 304->298 305->278 309 99011d-990124 305->309 306->266 310 99012a 309->310 311 990126-990128 309->311 312 99012c-99012e 310->312 313 990110-990115 310->313 311->310 312->313 313->305 314 990141-990143 313->314 314->278 315 990145-99015b 314->315 315->306 316 99015d-99015f 315->316 317 990163-990166 316->317 318 990168-990188 call 992030 317->318 319 9901bc 317->319 322 99018a-990190 318->322 323 990192-990198 318->323 319->306 322->317 322->323 323->306
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: J|BJ$PBl8_uAZ71ma5TmIb7rtXR6M7MUfeWV0I.l03.tWsC8-1728878531-0.0.1.1-/api$V$VY^_$t
                                              • API String ID: 0-4088718169
                                              • Opcode ID: cbce1f2f9dd4c5c6ee13699ed7011926ecc962ba9fdd236ec9a7dfe351fd6311
                                              • Instruction ID: 229753954f74d6e356d7340f65f33a75a694919ee8d5a87ee582f1e2be2980fd
                                              • Opcode Fuzzy Hash: cbce1f2f9dd4c5c6ee13699ed7011926ecc962ba9fdd236ec9a7dfe351fd6311
                                              • Instruction Fuzzy Hash: D7D1647450C3909FD720DF18959062FBBE5ABD6B44F18882CF4E98B352C336C949DB92
                                              Function 0099049B Relevance: .3, Instructions: 264COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 380 99049b-990515 call 98c9f0 384 990339-99034f 380->384 385 99045b-990469 call 9c5700 380->385 386 9903fb-990414 380->386 387 99051c-99051e 380->387 388 99035f-990367 380->388 389 9903be 380->389 390 9903de-9903e3 380->390 391 990311-990332 380->391 392 990370-99037e 380->392 393 9903d0-9903d7 380->393 394 990393-990397 380->394 395 990472-990477 380->395 396 990417-990430 380->396 397 990356 380->397 398 990308-99030c 380->398 399 9903ec-9903f4 380->399 400 990440-990458 call 9c5700 380->400 401 990480 380->401 402 990242-990244 380->402 403 990482-990484 380->403 404 990227-99023b 380->404 405 990246-990260 380->405 406 990386-99038c 380->406 384->385 384->386 384->388 384->389 384->390 384->392 384->393 384->394 384->395 384->396 384->397 384->399 384->400 384->401 384->403 384->406 385->395 386->396 407 990520 387->407 388->392 389->393 390->399 391->384 391->385 391->386 391->388 391->389 391->390 391->392 391->393 391->394 391->395 391->396 391->397 391->399 391->400 391->401 391->403 391->406 392->406 393->386 393->390 393->394 393->395 393->396 393->399 393->401 393->403 393->406 414 9903a0-9903b7 394->414 395->401 396->400 397->388 412 99048d-990496 398->412 399->386 399->394 399->395 399->401 399->403 400->385 408 990296-9902bd 402->408 403->412 404->384 404->385 404->386 404->388 404->389 404->390 404->391 404->392 404->393 404->394 404->395 404->396 404->397 404->398 404->399 404->400 404->401 404->402 404->403 404->405 404->406 409 990262 405->409 410 990294 405->410 406->394 406->395 406->401 406->403 424 990529-990b30 407->424 416 9902ea-990301 408->416 417 9902bf 408->417 415 990270-990292 call 992eb0 409->415 410->408 412->407 414->385 414->386 414->389 414->390 414->393 414->394 414->395 414->396 414->399 414->400 414->401 414->403 414->406 415->410 416->384 416->385 416->386 416->388 416->389 416->390 416->391 416->392 416->393 416->394 416->395 416->396 416->397 416->398 416->399 416->400 416->401 416->403 416->406 426 9902c0-9902e8 call 992e70 417->426 426->416
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 586bd266ab6dc13bba3c540cda7b649268796a38744327f61119f9895e8087ec
                                              • Instruction ID: 5cdf4418b8641899f4fdbba222df75cde565c32fa4fd2306ccb2b7bd728526f8
                                              • Opcode Fuzzy Hash: 586bd266ab6dc13bba3c540cda7b649268796a38744327f61119f9895e8087ec
                                              • Instruction Fuzzy Hash: 1A919C75614B00CFD724CF25E8A4A26B7F6FF89310B118A6DE8668BAA1D730F815DB50
                                              Function 00990228 Relevance: .2, Instructions: 218COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 434 990228-99023b 435 990339-99034f 434->435 436 99045b-990469 call 9c5700 434->436 437 9903fb-990414 434->437 438 99035f-990367 434->438 439 9903be 434->439 440 9903de-9903e3 434->440 441 990311-990332 434->441 442 990370-99037e 434->442 443 9903d0-9903d7 434->443 444 990393-990397 434->444 445 990472-990477 434->445 446 990417-990430 434->446 447 990356 434->447 448 990308-99030c 434->448 449 9903ec-9903f4 434->449 450 990440-990458 call 9c5700 434->450 451 990480 434->451 452 990242-990244 434->452 453 990482-990484 434->453 454 990246-990260 434->454 455 990386-99038c 434->455 435->436 435->437 435->438 435->439 435->440 435->442 435->443 435->444 435->445 435->446 435->447 435->449 435->450 435->451 435->453 435->455 436->445 437->446 438->442 439->443 440->449 441->435 441->436 441->437 441->438 441->439 441->440 441->442 441->443 441->444 441->445 441->446 441->447 441->449 441->450 441->451 441->453 441->455 442->455 443->437 443->440 443->444 443->445 443->446 443->449 443->451 443->453 443->455 462 9903a0-9903b7 444->462 445->451 446->450 447->438 460 99048d-990496 448->460 449->437 449->444 449->445 449->451 449->453 450->436 456 990296-9902bd 452->456 453->460 457 990262 454->457 458 990294 454->458 455->444 455->445 455->451 455->453 464 9902ea-990301 456->464 465 9902bf 456->465 463 990270-990292 call 992eb0 457->463 458->456 478 990520 460->478 462->436 462->437 462->439 462->440 462->443 462->444 462->445 462->446 462->449 462->450 462->451 462->453 462->455 463->458 464->435 464->436 464->437 464->438 464->439 464->440 464->441 464->442 464->443 464->444 464->445 464->446 464->447 464->448 464->449 464->450 464->451 464->453 464->455 473 9902c0-9902e8 call 992e70 465->473 473->464 480 990529-990b30 478->480
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3b30029e78f1ef0144b195a51975388fa195b0c017dc846d10aed6272c2820d0
                                              • Instruction ID: 7a6e8726516437a47cabcdc0ea4520c2f6ce9c26956991a147421bf73d16590b
                                              • Opcode Fuzzy Hash: 3b30029e78f1ef0144b195a51975388fa195b0c017dc846d10aed6272c2820d0
                                              • Instruction Fuzzy Hash: C4718834615700DFDB24CF25ECA4F2AB7F6FF89710F108969E8968BA62C731A815DB50
                                              Function 0098D110 Relevance: .2, Instructions: 168COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 483 98d110-98d11b call 9c4cc0 486 98d2ee-98d2f6 483->486 487 98d121-98d130 call 9bc8d0 483->487 492 98d2e9 call 9c56e0 487->492 493 98d136-98d15f 487->493 492->486 497 98d161 493->497 498 98d196-98d1bf 493->498 499 98d170-98d194 call 98d300 497->499 500 98d1c1 498->500 501 98d1f6-98d20c 498->501 499->498 505 98d1d0-98d1f4 call 98d370 500->505 502 98d239-98d23b 501->502 503 98d20e-98d20f 501->503 507 98d23d-98d25a 502->507 508 98d286-98d2aa 502->508 506 98d210-98d237 call 98d3e0 503->506 505->501 506->502 507->508 513 98d25c-98d25f 507->513 514 98d2ac-98d2af 508->514 515 98d2d6-98d2dd call 98e8f0 508->515 518 98d260-98d284 call 98d440 513->518 519 98d2b0-98d2d4 call 98d490 514->519 515->492 524 98d2df call 992f10 515->524 518->508 519->515 527 98d2e4 call 990b40 524->527 527->492
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bbc05e76b6a098d63d7b5be07efc5a1a9bda88ec827eaee6826bedac5887da97
                                              • Instruction ID: bbc0582e7827cc919555421f1b0d0320ce27708d1986bc57728d7e90921e7525
                                              • Opcode Fuzzy Hash: bbc05e76b6a098d63d7b5be07efc5a1a9bda88ec827eaee6826bedac5887da97
                                              • Instruction Fuzzy Hash: 4D41457050E380ABD701BB68D598A2EFBF5AF92744F148C0CE5D497392C33AD8108B67
                                              Function 009C99D0 Relevance: .1, Instructions: 143COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 529 9c99d0-9c99f3 530 9c9a2b-9c9a3b 529->530 531 9c99f5 529->531 533 9c9a8c-9c9a95 530->533 534 9c9a3d-9c9a4f 530->534 532 9c9a00-9c9a29 call 9cae40 531->532 532->530 535 9c9a9b-9c9ab5 533->535 536 9c9b36-9c9b38 533->536 538 9c9a50-9c9a58 534->538 539 9c9ae6-9c9af2 535->539 540 9c9ab7 535->540 541 9c9b49-9c9b50 536->541 542 9c9b3a-9c9b41 536->542 544 9c9a5a-9c9a5d 538->544 545 9c9a61-9c9a67 538->545 550 9c9b2e-9c9b30 539->550 551 9c9af4-9c9aff 539->551 547 9c9ac0-9c9ae4 call 9cae40 540->547 548 9c9b47 542->548 549 9c9b43 542->549 544->538 552 9c9a5f 544->552 545->533 546 9c9a69-9c9a84 call 9c5bb0 545->546 557 9c9a89 546->557 547->539 548->541 549->548 550->536 554 9c9b32 550->554 556 9c9b00-9c9b07 551->556 552->533 554->536 559 9c9b09-9c9b0c 556->559 560 9c9b10-9c9b16 556->560 557->533 559->556 562 9c9b0e 559->562 560->550 561 9c9b18-9c9b2b call 9c5bb0 560->561 561->550 562->550
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 408b14d15ea8fb43249cb28675d0bd054fad9cb5f417e213e0d05acce0436406
                                              • Instruction ID: 8c64c147b563ddb4654c1c0efea9554e8a297bd36be9ac00e06f8acaea8ea1a4
                                              • Opcode Fuzzy Hash: 408b14d15ea8fb43249cb28675d0bd054fad9cb5f417e213e0d05acce0436406
                                              • Instruction Fuzzy Hash: 7041DE34A09300ABD714DB15E894F2BF7EAEB85714F64882CF58A87251D331EC00DB63
                                              Function 009C00D0 Relevance: .1, Instructions: 77COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 49cbf2ed76a800fa5fc6030ff0b6c9ff89f1af1789fe71090c89ca86ff5befe9
                                              • Instruction ID: d5a95c70c581a3ae558700accb43385fcc416dbc361bbb6b50975a0bccf756e6
                                              • Opcode Fuzzy Hash: 49cbf2ed76a800fa5fc6030ff0b6c9ff89f1af1789fe71090c89ca86ff5befe9
                                              • Instruction Fuzzy Hash: 7221DB32D0C3548FC7195E299891B2EF7D2DBC5320F1E893EE9A64B381D5399D409393
                                              Function 00990EEC Relevance: .1, Instructions: 72COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7670352ba0e72350d272dce5b54dd7ea8c83bb902536a8891d96f48d94e82385
                                              • Instruction ID: dd4cb15b74d175e8035c30c3280e59d256cdf8349a517920ea137d57c10a5654
                                              • Opcode Fuzzy Hash: 7670352ba0e72350d272dce5b54dd7ea8c83bb902536a8891d96f48d94e82385
                                              • Instruction Fuzzy Hash: 81212AB590521A9FDF15CF98CC90BBEBBB6FB46304F144819E411BB292C735A901CF64
                                              Function 009C3220 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 340 9c3220-9c322f 341 9c32ac-9c32b0 340->341 342 9c3236-9c3252 340->342 343 9c32a0 340->343 344 9c32a2-9c32a6 RtlFreeHeap 340->344 345 9c3254 342->345 346 9c3286-9c3296 342->346 343->344 344->341 347 9c3260-9c3284 call 9c5af0 345->347 346->343 347->346
                                              APIs
                                              • RtlFreeHeap.NTDLL(?,00000000), ref: 009C32A6
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID: FreeHeap
                                              • String ID:
                                              • API String ID: 3298025750-0
                                              • Opcode ID: 3fc08961f434838595296b73097521d3f46397bb62fd5665bb24010eb04bba55
                                              • Instruction ID: 627e992e9347da70e88f56ecb8cafdae5663ef9d32cdbe493f8e537d5bc6ce87
                                              • Opcode Fuzzy Hash: 3fc08961f434838595296b73097521d3f46397bb62fd5665bb24010eb04bba55
                                              • Instruction Fuzzy Hash: 43018B3094E2409BC700AB18E844E1ABBE8EF4A700F45891CE4C48B321D235DC60DB93
                                              Function 009C5BB0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 350 9c5bb0-9c5be2 LdrInitializeThunk
                                              APIs
                                              • LdrInitializeThunk.NTDLL(009C98C0,005C003F,00000002,00000018,?), ref: 009C5BDE
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                              • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                              • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                              • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                              Function 00992F6F Relevance: 1.5, APIs: 1, Instructions: 13COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 351 992f6f-992f87 CoInitializeSecurity
                                              APIs
                                              • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00992F82
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID: InitializeSecurity
                                              • String ID:
                                              • API String ID: 640775948-0
                                              • Opcode ID: b791e139727e559e5fbb7f70b41df3083da8277c3a8a10e7f7fbb853ccfb83bf
                                              • Instruction ID: 164fe2f3220500e90dc9a7629453e9c818b7e4b37412da7a2f1adf0923be0b25
                                              • Opcode Fuzzy Hash: b791e139727e559e5fbb7f70b41df3083da8277c3a8a10e7f7fbb853ccfb83bf
                                              • Instruction Fuzzy Hash: B8C092317E8305B0F03006086C63F0520045302F60F700B10B3307C1D089D13110911C
                                              Function 00992F10 Relevance: 1.3, APIs: 1, Instructions: 33COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 379 992f10-992f65 CoInitialize
                                              APIs
                                              • CoInitialize.OLE32(00000000), ref: 00992F60
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID: Initialize
                                              • String ID:
                                              • API String ID: 2538663250-0
                                              • Opcode ID: 2ed8e5bec1391aad2bf5fa7d798bfb3d359c18661f72529919868141b4d2ceef
                                              • Instruction ID: eb6aa1df2621d6e7c961cb1874ff790fc3cca66586a5d6becc715f3cbfada282
                                              • Opcode Fuzzy Hash: 2ed8e5bec1391aad2bf5fa7d798bfb3d359c18661f72529919868141b4d2ceef
                                              • Instruction Fuzzy Hash: 80F089A5D107006BD230BA3D9D0B7177D78A702260F400729ECE1463C4F620A42DCBD7

                                              Non-executed Functions

                                              Function 009A9510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
                                              • API String ID: 0-655414846
                                              • Opcode ID: 5a904b80cf82b9ad6dc99ad030564dc1d6fcfe049118a6d6dc817bf89ab0a4ae
                                              • Instruction ID: c3088c6b115be0cae4d507b602fb022d1245a61d70fa6c6f766063d0b354998a
                                              • Opcode Fuzzy Hash: 5a904b80cf82b9ad6dc99ad030564dc1d6fcfe049118a6d6dc817bf89ab0a4ae
                                              • Instruction Fuzzy Hash: 2AF13DB4508380ABD310DF19D881A2BBBF4FB8AB48F144D1CF5D99B252D374D908CBA6
                                              Function 009AFD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: :$NA_I$m1s3$uvw
                                              • API String ID: 0-3973114637
                                              • Opcode ID: 7fa9b41dbc527de1ae23c9e97859575d06a020efba062b48c0538131aca27c8b
                                              • Instruction ID: 0752e664d985db61ccdd04d91ab90e568019a77f48bd25c97d11c9a164b06718
                                              • Opcode Fuzzy Hash: 7fa9b41dbc527de1ae23c9e97859575d06a020efba062b48c0538131aca27c8b
                                              • Instruction Fuzzy Hash: 1F32B7B151D381DFD314DF28D880B6BBBE5AB8A310F144A2CF5D58B2A2D335D945CBA2
                                              Function 00993BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: %*+($;z$p$ss
                                              • API String ID: 0-2391135358
                                              • Opcode ID: f1fbf9c30aa0869c2ac5553442b4248ce8b434ce7a4fc1ea982c04607dedc034
                                              • Instruction ID: 8f3b41012bafe01205157f573b1759adf5849f4f563c4dbb31bc6462852a62bd
                                              • Opcode Fuzzy Hash: f1fbf9c30aa0869c2ac5553442b4248ce8b434ce7a4fc1ea982c04607dedc034
                                              • Instruction Fuzzy Hash: 1D026DB4810B00DFD760EF29D986B56BFF5FB05300F50895DE89A8B695E330A815CBA2
                                              Function 009AC470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: %*+($%*+($~/i!
                                              • API String ID: 0-4033100838
                                              • Opcode ID: 197dcda1056b3dbc99c2392b6359f2ce128765d22e81667f25f8213a94180c0b
                                              • Instruction ID: 19f6e75c25afb370731f3d5cc7dd4ff2db952a0b33e7ed34824b67f542e7e74e
                                              • Opcode Fuzzy Hash: 197dcda1056b3dbc99c2392b6359f2ce128765d22e81667f25f8213a94180c0b
                                              • Instruction Fuzzy Hash: 33E197B551D340EFE3209F64D881B2BBBE9FB86344F54882DE5C98B251D735D850CB92
                                              Function 009835B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Inf$NaN
                                              • API String ID: 0-3500518849
                                              • Opcode ID: 493fc3c32292bf9c9ef57959693d7e0314cb4af213418cc81cf7bddcd5c53b20
                                              • Instruction ID: ad1b3daae8718268540188467c10af5b96ba56d2e2a27b4be10238df43e133ec
                                              • Opcode Fuzzy Hash: 493fc3c32292bf9c9ef57959693d7e0314cb4af213418cc81cf7bddcd5c53b20
                                              • Instruction Fuzzy Hash: C7D1E471A083119BC708DF29C88161EB7E5FBC8B50F25CA2DF999973A0E675DD058B82
                                              Function 00985160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: %1.17g
                                              • API String ID: 0-1551345525
                                              • Opcode ID: 8ba31509892fcba5e76a4778c580f1c09837c3c12c29799bdfec5f3469cd919e
                                              • Instruction ID: 550a003958535180b0913e74df250276a742be3d2ca02aaef845e9fd668cb0b0
                                              • Opcode Fuzzy Hash: 8ba31509892fcba5e76a4778c580f1c09837c3c12c29799bdfec5f3469cd919e
                                              • Instruction Fuzzy Hash: A022D3B6A08B42CBE715AE18D940726BBE6AFE0304F1EC56EE8594B351E775DC0CC742
                                              Function 00996EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: %*+(
                                              • API String ID: 0-3233224373
                                              • Opcode ID: 5a75bdfd56e70b8ee255c05b9994d21ea584555722326ffd92b42d8f0fb0f04e
                                              • Instruction ID: c74b683e8b568338cd56ecd6a5856607f83e283a6518892a297f40e887f52611
                                              • Opcode Fuzzy Hash: 5a75bdfd56e70b8ee255c05b9994d21ea584555722326ffd92b42d8f0fb0f04e
                                              • Instruction Fuzzy Hash: A7F19FB5A14A01CFDB24DF28D891A26B3F6FF88314B148A2DE49787791EB34F815CB51
                                              Function 00987CA4 Relevance: 1.7, Strings: 1, Instructions: 438COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: n
                                              • API String ID: 0-2013832146
                                              • Opcode ID: d6ece1583e4f81533b3ea5cf097a4b4bb6a951cc02eca3b50056e506a59c0374
                                              • Instruction ID: a9b32b7dd52d3c975886962fa7919f54dc7d69e60b7aad7e199912477a4146d9
                                              • Opcode Fuzzy Hash: d6ece1583e4f81533b3ea5cf097a4b4bb6a951cc02eca3b50056e506a59c0374
                                              • Instruction Fuzzy Hash: 6E021070518B118FC368DF69C58056AFBF2BF857107A04A2ED6A78BB91DB36F845CB10
                                              Function 009ACCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID: %*+(
                                              • API String ID: 2994545307-3233224373
                                              • Opcode ID: 39dfc3f9dc95c347daee074124dde2c234442a2166ef7c20518b9551edc4f169
                                              • Instruction ID: 2931756411398f2dad290e534ccf137eb3a69fa48efcef63b0615888b76ade87
                                              • Opcode Fuzzy Hash: 39dfc3f9dc95c347daee074124dde2c234442a2166ef7c20518b9551edc4f169
                                              • Instruction Fuzzy Hash: 69B1BCB0A093069BD714DF14D880B2BBBE6EF96350F24492CE5859B291E335E855CBE2
                                              Function 0099D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: %*+(
                                              • API String ID: 0-3233224373
                                              • Opcode ID: 5bc17a1fa71ed86a7b2e08cbe3e6836d6b286446c30533691606e68aae42e607
                                              • Instruction ID: 7289c5537f16c4eec3d9d53af97f9d53c734fe19928bae196b2650d425993619
                                              • Opcode Fuzzy Hash: 5bc17a1fa71ed86a7b2e08cbe3e6836d6b286446c30533691606e68aae42e607
                                              • Instruction Fuzzy Hash: C661C1B190A205DBDB10EF58DC82B2AB3B4FF95354F09092DF9858B391E335E954C792
                                              Function 009C4A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: %*+(
                                              • API String ID: 0-3233224373
                                              • Opcode ID: 0d4094cca43dc81eef11c8baccc35827d9b9af95fd359ad299737694f24b71c9
                                              • Instruction ID: 38cf117cc9f904c3d3dfd81ed37ffd09e072e5fe9f4e0f0075de3bec797d4147
                                              • Opcode Fuzzy Hash: 0d4094cca43dc81eef11c8baccc35827d9b9af95fd359ad299737694f24b71c9
                                              • Instruction Fuzzy Hash: D161BC71B493019BD7109F25C8A0F2EB7EAEBC4314F69892DE9C5872A1D631EC50CB53
                                              Function 0098E1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                              Download Yara Rule
                                              Strings
                                              • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 0098E333
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                              • API String ID: 0-2471034898
                                              • Opcode ID: 99217fce257c93859067dbe57b0867bb581c5ad7ee72814c9d4d4c961c24958d
                                              • Instruction ID: 1826119d67c0e5261c62be8841fead7c6f122496188860d9ff935fa43a2ff6c3
                                              • Opcode Fuzzy Hash: 99217fce257c93859067dbe57b0867bb581c5ad7ee72814c9d4d4c961c24958d
                                              • Instruction Fuzzy Hash: 97511823B1D6A04BD324A93C4C652696AC70BD2334B2D876AE9F5CB3E5D5594C015390
                                              Function 009C3920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: %*+(
                                              • API String ID: 0-3233224373
                                              • Opcode ID: 441dd3f3acaf221a365dd66452427d64189f3180bafa40d589a74fd87567082a
                                              • Instruction ID: c872c80c8b0a7cfa79435f015bd6b6eb8da2fb88c8ed6bd0a881c1f57a324ed6
                                              • Opcode Fuzzy Hash: 441dd3f3acaf221a365dd66452427d64189f3180bafa40d589a74fd87567082a
                                              • Instruction Fuzzy Hash: AE518D34A19240DBCB24DF15D880F2ABBE9EB89744F24C91CE4C687251D371EE60DB63
                                              Function 00991BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: L3
                                              • API String ID: 0-2730849248
                                              • Opcode ID: cb670fca365b7fd565ab8dead5ced60aeff7470e7023bcd3232e37ddd4d95401
                                              • Instruction ID: 048988e5fbcac2c7b4a082e36e41d59bf68fcdc83b3c534a169d98f2f3623eb6
                                              • Opcode Fuzzy Hash: cb670fca365b7fd565ab8dead5ced60aeff7470e7023bcd3232e37ddd4d95401
                                              • Instruction Fuzzy Hash: 2C4152B401C3819BCB149F28D894A2FBBF4BF8A354F048A1DF5C59B291E736C915CB56
                                              Function 00996F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: %*+(
                                              • API String ID: 0-3233224373
                                              • Opcode ID: 8265eaee783d30f464f933940b46ad8e7ce8bc98e4bd81babe9169e9c11ec296
                                              • Instruction ID: 6707a73a1cb291751d2686d84b29a23a26c2abb69eac934a4a667d749c6580d2
                                              • Opcode Fuzzy Hash: 8265eaee783d30f464f933940b46ad8e7ce8bc98e4bd81babe9169e9c11ec296
                                              • Instruction Fuzzy Hash: 2D415771625B04DBDB348BA9D994F26B7F6FB49701F24881CE5C69BAA1E731F800CB10
                                              Function 009C9CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID: @
                                              • API String ID: 2994545307-2766056989
                                              • Opcode ID: 11261a959fd0216e9e57a15c7304f0bedb34d6269cfb89583916a3ab8721c924
                                              • Instruction ID: 53e5827c7ac849f065f7825b13c1e644c2ce7ca31203a564bca118d5f7ffb31a
                                              • Opcode Fuzzy Hash: 11261a959fd0216e9e57a15c7304f0bedb34d6269cfb89583916a3ab8721c924
                                              • Instruction Fuzzy Hash: 083154709092409BD310DF14D884B2ABBF9EB9A354F24992CF58AA7291D335D944CBA7
                                              Function 0098BEB0 Relevance: .9, Instructions: 895COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: efb29da7d79096bacc6094e4b34e266ec592ef3032653cf8f6be9c20689d955e
                                              • Instruction ID: e450ec5f41fb97a71f2680b4227181c9d30e5c6f278b03251cca031f439fb095
                                              • Opcode Fuzzy Hash: efb29da7d79096bacc6094e4b34e266ec592ef3032653cf8f6be9c20689d955e
                                              • Instruction Fuzzy Hash: 9B522A715087118BC725AF18E4802BAF3E5FFD5319F298A3ED9C693390E734A851CB96
                                              Function 0098A300 Relevance: .5, Instructions: 459COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6212bf7ef53d90d5c52b7f9dca0e1cd9d1bc5b4f631ca8a0588aaa50f1e087ad
                                              • Instruction ID: 00cb7abc4a007b6923a0f990759019dca51bcb54830ae7cc404291ce3dcc33ea
                                              • Opcode Fuzzy Hash: 6212bf7ef53d90d5c52b7f9dca0e1cd9d1bc5b4f631ca8a0588aaa50f1e087ad
                                              • Instruction Fuzzy Hash: 21F1BC766087418FD724DF29C88176BFBE6AFD8300F08882DE4D587751E639E949CB62
                                              Function 00994487 Relevance: .4, Instructions: 389COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 83b23420ff6f071df7fe2850114f0c7655d8f3293680e9d5e9ecc88a8151c122
                                              • Instruction ID: 9e3e4df255f09184846bd27533753b214afe95fc099b927e65100b6bb041fda4
                                              • Opcode Fuzzy Hash: 83b23420ff6f071df7fe2850114f0c7655d8f3293680e9d5e9ecc88a8151c122
                                              • Instruction Fuzzy Hash: AFE110B5611B008FD721CF28D9A2B97B7E1FF46708F04886CE4AACB752E735B8148B54
                                              Function 0098AF10 Relevance: .3, Instructions: 303COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ab0ffa581ae49f987acb9b1bca04b9a9e378426b89f686002d56ea1de386bdc0
                                              • Instruction ID: b5cc24d9ad5b37d414c4b4c683e29fa180258c4a5cd4c66a99ceed6608da81fc
                                              • Opcode Fuzzy Hash: ab0ffa581ae49f987acb9b1bca04b9a9e378426b89f686002d56ea1de386bdc0
                                              • Instruction Fuzzy Hash: 1EC158B2A087418FC360DF68DC96BABB7E1BF85318F08492DD1D9C6342E778A155CB46
                                              Function 00996536 Relevance: .3, Instructions: 295COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e09f2466496fd230ed2fb81deb46adb24942387d279617bd2b3d0f3f15e6b7a4
                                              • Instruction ID: d5b277c4e12e23d8d78a7d87b894fccf36feef423704c0865eeb646f49c7f146
                                              • Opcode Fuzzy Hash: e09f2466496fd230ed2fb81deb46adb24942387d279617bd2b3d0f3f15e6b7a4
                                              • Instruction Fuzzy Hash: CFB100B4600B408FD721DF28C991B27BBF5AF46704F54885DE8AA8BB52E335F805CB55
                                              Function 009CA0D0 Relevance: .3, Instructions: 282COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 430110630e48cede102332fd673fcfe741c595022bf0809ee3d22bcbf9beabfe
                                              • Instruction ID: 2163520c0e2a250a903f739e24bac31b6fb45de2b92db38a05e0648f9b9c5e12
                                              • Opcode Fuzzy Hash: 430110630e48cede102332fd673fcfe741c595022bf0809ee3d22bcbf9beabfe
                                              • Instruction Fuzzy Hash: A5818C34A093458BD724DF28C890F2AB7E9EF89758F55892CE5858B252E731EC50CB93
                                              Function 009942FC Relevance: .2, Instructions: 206COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a0a8ee2515e952ec6e6f498def20ac89cb9dc303c8473176428dc08042b22fb7
                                              • Instruction ID: 2c1c588c60d4815c6aaf27c1dc9062228f3d4b5344c24c9eb84c1a063f96aa7f
                                              • Opcode Fuzzy Hash: a0a8ee2515e952ec6e6f498def20ac89cb9dc303c8473176428dc08042b22fb7
                                              • Instruction Fuzzy Hash: 6B81E0B4811B00AFD360EF39D947B57BEF4AB06201F404A1DE4EA97694E7306419CBE3
                                              Function 009BE8A0 Relevance: .2, Instructions: 189COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                              • Instruction ID: 94446e0ae076ff25735bd878d4af9ad737986c131136cbd3bf3997320a07ee92
                                              • Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                              • Instruction Fuzzy Hash: AC517CB16087548FE314DF69D49479BBBE5BBC5318F044E2DE4E983351E379DA088B82
                                              Function 00985A50 Relevance: .2, Instructions: 163COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 77aed23c5859b97caa715c0e97af0efcd4b8dbb48ba676013e944e23dbb70ec3
                                              • Instruction ID: 5703f48452536ee8ddd1cf4c328957e4a9fbf944e723fe47eab69d76b4fd14bc
                                              • Opcode Fuzzy Hash: 77aed23c5859b97caa715c0e97af0efcd4b8dbb48ba676013e944e23dbb70ec3
                                              • Instruction Fuzzy Hash: 5251F4B5A047049FC714EF14D881D2AB7A5FF85324F164A6CF89A9B352D730EC46CB92
                                              Function 009C9B60 Relevance: .1, Instructions: 140COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 865648deb641c4dd3cae9fe0a45118aab8f467c317b78c6bd55374e8c6cd41ae
                                              • Instruction ID: 5c7c7d20d3dbafbde92638fa047ac71e8530f6cf935b604203ecff1b58cd0577
                                              • Opcode Fuzzy Hash: 865648deb641c4dd3cae9fe0a45118aab8f467c317b78c6bd55374e8c6cd41ae
                                              • Instruction Fuzzy Hash: 2741AF34A49300ABD710DB14D994F2AB7EAEB85714F25882CF5CA97291D335EC40CBA3
                                              Function 00992030 Relevance: .1, Instructions: 136COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 05cb87d21711eebedb6d52b750601e4607a1ededf2d71cad24445b4085919536
                                              • Instruction ID: 2741d5412ab8bb93eca76c3fae2b95f331942f7558f84eb34ab9ec92aa5b6f22
                                              • Opcode Fuzzy Hash: 05cb87d21711eebedb6d52b750601e4607a1ededf2d71cad24445b4085919536
                                              • Instruction Fuzzy Hash: 2E41F772A0C3655FD75CCF2D849463ABBE2ABC5300F09862EE4DA873D0DA748945DB81
                                              Function 00991E93 Relevance: .1, Instructions: 131COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1672b3e32a7a388955dc3f1e185c2f5e6e3613897a45c26cdf74b2d20c21599b
                                              • Instruction ID: d89ab5bbc85f27b1454f091b7945d4d6b7d3175769b7836037532852dcc34fc4
                                              • Opcode Fuzzy Hash: 1672b3e32a7a388955dc3f1e185c2f5e6e3613897a45c26cdf74b2d20c21599b
                                              • Instruction Fuzzy Hash: 6841EE7450C380ABD720AB59C884B2EFBF9FB9A344F14491DF6C497292C376E8148F66
                                              Function 0099D961 Relevance: .1, Instructions: 121COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cf7b459c50559f0e0874152c18130420c1466bfeafe38dcac33fa68820be3e0c
                                              • Instruction ID: 13faa213182e6936306b5e88cc1a4c4b0a8fc20778b65f352164557c06e75317
                                              • Opcode Fuzzy Hash: cf7b459c50559f0e0874152c18130420c1466bfeafe38dcac33fa68820be3e0c
                                              • Instruction Fuzzy Hash: A7419CB554A3818BDB309F14C881BAFB7B4FFA6364F08095DE48A8B7A1E7744940CB57
                                              Function 009849A0 Relevance: .1, Instructions: 95COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0ee122a49834589fd6e39718d65d0040eca334daf207fc2b6e37478eade29261
                                              • Instruction ID: 78dc0d495c77de6ba6047bb0c1cf647c115272b7258ae7f31f75f790c45dd358
                                              • Opcode Fuzzy Hash: 0ee122a49834589fd6e39718d65d0040eca334daf207fc2b6e37478eade29261
                                              • Instruction Fuzzy Hash: 0131F931648202DBD714AF18D880A2BB7E5EFC4359F18892DE89ACF341E336DC42CB46
                                              Function 009C5700 Relevance: .1, Instructions: 69COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: eb15660f04323b794eae31cddea838ebe3c0384d0a016d7fc44722e86ddb9a23
                                              • Instruction ID: 812e56c3107b4fe1af787d758345c8c8ce70fc623ed02eb3739f4183bc539a7f
                                              • Opcode Fuzzy Hash: eb15660f04323b794eae31cddea838ebe3c0384d0a016d7fc44722e86ddb9a23
                                              • Instruction Fuzzy Hash: 3B119E7591D240EBC301AF28E845F1BBBF5AF86711F45882CE4C49B261D335E990CB93
                                              Function 00986EA0 Relevance: .0, Instructions: 46COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 28f9645fe48e0f44685114cbc3479074f894eb7a2421cb6a0a878189484f31f1
                                              • Instruction ID: 187154b139156c3b7d266a4638401be683c95c17977f9bb370168f60c5e2fbe9
                                              • Opcode Fuzzy Hash: 28f9645fe48e0f44685114cbc3479074f894eb7a2421cb6a0a878189484f31f1
                                              • Instruction Fuzzy Hash: 7CF0BB3A7692190B6210DDABE884837B39AD7D5355F145538EA41D3301DE71E8055291
                                              Function 0099C5F0 Relevance: .0, Instructions: 42COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                              • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
                                              • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                              • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
                                              Function 0099B410 Relevance: .0, Instructions: 38COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                              • Instruction ID: 969a331e4adf05d025c56cb22cb02a82e7976b5e5f49332b5a32304761561a79
                                              • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                              • Instruction Fuzzy Hash: 55F0ECB160451067DF228A9CACC0F37BB9CCB87354F190426E84557143D2A55845C7F5
                                              Function 00991ACD Relevance: .0, Instructions: 14COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b5dbba5d82b86af4903b47d4c354767ec8aa2756cdb4ac0c137cf9a96115c0cd
                                              • Instruction ID: 1b6858da118020e8b3006d07f524e09f21cdd2df892b3cff8864bf6243d3d652
                                              • Opcode Fuzzy Hash: b5dbba5d82b86af4903b47d4c354767ec8aa2756cdb4ac0c137cf9a96115c0cd
                                              • Instruction Fuzzy Hash: 87C01234AAE0018B82088F04A8A9832A7B9A30A308740602ADA02E3631CA20C80AA909
                                              Function 00991A3C Relevance: .0, Instructions: 12COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2057963616.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                              • Associated: 00000000.00000002.2057947422.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2057997382.00000000009E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058015115.00000000009EC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058112831.0000000000B4A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058127142.0000000000B4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058144770.0000000000B71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058176443.0000000000B7C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058189750.0000000000B7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058203785.0000000000B87000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058216233.0000000000B88000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058228522.0000000000B89000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058241274.0000000000B8B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058253535.0000000000B8C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058266220.0000000000B8E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058280652.0000000000B98000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058293619.0000000000B99000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058307996.0000000000BA2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058322956.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058335698.0000000000BB2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058348411.0000000000BB3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058364247.0000000000BB4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058377490.0000000000BB6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058394864.0000000000BCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058408037.0000000000BCF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058420591.0000000000BD0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058434889.0000000000BD4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058449175.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058463073.0000000000BD9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058475733.0000000000BDA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058491758.0000000000BDF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058507352.0000000000BEB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058520291.0000000000BEC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058535672.0000000000BF3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058552838.0000000000BF6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058570169.0000000000BF7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058584265.0000000000BF9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058599241.0000000000C01000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058614835.0000000000C02000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058632286.0000000000C09000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058648312.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058665140.0000000000C0B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058680661.0000000000C13000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058700767.0000000000C2B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058714999.0000000000C2C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058740983.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C2F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058756223.0000000000C56000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058800807.0000000000C6A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058814719.0000000000C6B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058834107.0000000000C82000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058851143.0000000000C83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C84000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058864949.0000000000C8A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058897121.0000000000C98000.00000040.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2058918154.0000000000C99000.00000080.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_980000_file.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e1b2f6648e32e3cbc9170f2c9cebbdb93cf112ab3df0b06bf0f03a14c609ffae
                                              • Instruction ID: d479070ce360c0755beaf89a6cedec84e12a4c1cac33edfcb24e8b1172b02018
                                              • Opcode Fuzzy Hash: e1b2f6648e32e3cbc9170f2c9cebbdb93cf112ab3df0b06bf0f03a14c609ffae
                                              • Instruction Fuzzy Hash: DAC04C24EAD0418A86488E8AA8A5831A6A95306308710343A9602E7671C560D4099509