Windows Analysis Report
MysticThumbs4.2.0 Patch.exe

Overview

General Information

Sample name: MysticThumbs4.2.0 Patch.exe
Analysis ID: 1544637
MD5: 204728b183383e9e064ccb65fba64408
SHA1: d8b1b2bd56de42db44013e23d84e3aacdee202db
SHA256: 4639a785aa9db39e1823df53c9c25195d41bcbcc05245d068058b64512f1bcff

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • MysticThumbs4.2.0 Patch.exe (PID: 7372 cmdline: "C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe" MD5: 204728B183383E9E064CCB65FBA64408)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: MysticThumbs4.2.0 Patch.exe; Avira: detected
Source: C:\Users\user\AppData\Local\Temp\E_N60005\krnln.fnr; ReversingLabs: Detection: 35%
Source: MysticThumbs4.2.0 Patch.exe; ReversingLabs: Detection: 73%
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
Source: MysticThumbs4.2.0 Patch.exe; Joe Sandbox ML: detected
Source: MysticThumbs4.2.0 Patch.exe; Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe; Code function: 0_2_100655A0 FindFirstFileA,FindClose
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe; Code function: 0_2_10065610 FindFirstFileA,FindClose
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe; Code function: 4x nop then push esi, 0_2_1008D06A
Source: MysticThumbs4.2.0 Patch.exe, 00000000.00000002.3767180830.000000001010D000.00000008.00000001.01000000.00000005.sdmp, MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.00000000049AB000.00000004.00000020.00020000.00000000.sdmp, krnln.fnr.0.dr; String found in binary or memory: http://dywt.com.cn
Source: MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.0000000004AE6000.00000004.00000020.00020000.00000000.sdmp, dp1.fne.0.dr; String found in binary or memory: http://dywt.com.cn/RSATool2v14.rar
Source: MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1321710760.0000000002560000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://www.52pojie.cn/
Source: MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.0000000004B06000.00000004.00000020.00020000.00000000.sdmp, eAPI.fne.0.dr; String found in binary or memory: http://www.baidu.com
Source: MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.0000000004B06000.00000004.00000020.00020000.00000000.sdmp, eAPI.fne.0.dr; String found in binary or memory: http://www.baidu.comtest
Source: MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.0000000004B06000.00000004.00000020.00020000.00000000.sdmp, MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.0000000004AE6000.00000004.00000020.00020000.00000000.sdmp, dp1.fne.0.dr, eAPI.fne.0.dr; String found in binary or memory: http://www.eyuyan.com
Source: MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.0000000004B01000.00000004.00000020.00020000.00000000.sdmp, dp1.fne.0.dr; String found in binary or memory: http://www.eyuyan.comDVarFileInfo$
Source: MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.0000000004B06000.00000004.00000020.00020000.00000000.sdmp, MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.0000000004AE6000.00000004.00000020.00020000.00000000.sdmp, dp1.fne.0.dr, eAPI.fne.0.dr; String found in binary or memory: http://www.eyuyan.comservice
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe; Code function: 0_2_10089250 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe; Code function: 0_2_100893A0 OpenClipboard,GetClipboardData,CloseClipboard,GlobalSize,GlobalLock,GlobalUnlock,CloseClipboard
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe; Code function: 0_2_100BD010 IsWindowEnabled,TranslateAcceleratorA,IsChild,GetFocus,PostMessageA,PostMessageA,SendMessageA,IsChild,IsWindow,IsWindowVisible,SendMessageA,SendMessageA,SendMessageA,SendMessageA,GetParent,SendMessageA,WinHelpA,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,IsWindow

System Summary

Source: MysticThumbs4.2.0 Patch.exe; Static PE information: section name:
Source: MysticThumbs4.2.0 Patch.exe; Static PE information: section name: .idata
Source: MysticThumbs4.2.0 Patch.exe; Static PE information: section name:
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe; Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004875A50_2_004875A5
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004F95A10_2_004F95A1
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004DB5A20_2_004DB5A2
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004645B50_2_004645B5
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004925BD0_2_004925BD
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0043D5BA0_2_0043D5BA
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0047A6440_2_0047A644
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0046264B0_2_0046264B
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004D46570_2_004D4657
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004AB6540_2_004AB654
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004366660_2_00436666
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004C36640_2_004C3664
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0046C66B0_2_0046C66B
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004556750_2_00455675
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0050C6670_2_0050C667
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004906770_2_00490677
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0045967A0_2_0045967A
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004CE60C0_2_004CE60C
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004DE60B0_2_004DE60B
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004FC6050_2_004FC605
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004A261B0_2_004A261B
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004CC61A0_2_004CC61A
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004016220_2_00401622
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0044462D0_2_0044462D
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004C56260_2_004C5626
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004D363F0_2_004D363F
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0045D6320_2_0045D632
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0044D63C0_2_0044D63C
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0048B6310_2_0048B631
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004C46330_2_004C4633
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004FA6300_2_004FA630
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004A16CD0_2_004A16CD
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004BA6C10_2_004BA6C1
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0046D6D60_2_0046D6D6
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004766DE0_2_004766DE
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004EF6D50_2_004EF6D5
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004BD6D40_2_004BD6D4
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004C96E70_2_004C96E7
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_005156E00_2_005156E0
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0042D6830_2_0042D683
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004576840_2_00457684
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004ED6950_2_004ED695
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004746A70_2_004746A7
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_005116A30_2_005116A3
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004C16BA0_2_004C16BA
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0042A7460_2_0042A746
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004DF7450_2_004DF745
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004937430_2_00493743
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0049A7590_2_0049A759
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0044C76D0_2_0044C76D
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004E87650_2_004E8765
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004507680_2_00450768
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0044E7700_2_0044E770
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004F37770_2_004F3777
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0046F77C0_2_0046F77C
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0046E77A0_2_0046E77A
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0045A7780_2_0045A778
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004D070E0_2_004D070E
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004D770E0_2_004D770E
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004487030_2_00448703
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004D271A0_2_004D271A
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004BE72A0_2_004BE72A
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0048E72C0_2_0048E72C
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0048C72D0_2_0048C72D
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0045B7230_2_0045B723
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004EA73F0_2_004EA73F
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004417310_2_00441731
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004AC7310_2_004AC731
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0048F7340_2_0048F734
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004E77CE0_2_004E77CE
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004D87C70_2_004D87C7
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004D57C10_2_004D57C1
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0047B7D90_2_0047B7D9
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004D17ED0_2_004D17ED
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004C27E50_2_004C27E5
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004527F40_2_004527F4
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004C77F80_2_004C77F8
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004BC7FD0_2_004BC7FD
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004757FA0_2_004757FA
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004BF7F60_2_004BF7F6
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004B47F50_2_004B47F5
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0050E7920_2_0050E792
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004B678F0_2_004B678F
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0048A78D0_2_0048A78D
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0049C7800_2_0049C780
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004517880_2_00451788
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004DD79C0_2_004DD79C
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0049F79C0_2_0049F79C
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004347950_2_00434795
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0046979C0_2_0046979C
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0050078C0_2_0050078C
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0050778D0_2_0050778D
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004667A70_2_004667A7
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0050A7B20_2_0050A7B2
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004FD7A20_2_004FD7A2
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004B17B60_2_004B17B6
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004C984C0_2_004C984C
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0043184A0_2_0043184A
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0047184A0_2_0047184A
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004498540_2_00449854
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004F88560_2_004F8856
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004E08540_2_004E0854
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004BD8540_2_004BD854
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0043C86F0_2_0043C86F
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0049987C0_2_0049987C
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0049487F0_2_0049487F
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004A68700_2_004A6870
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004F780E0_2_004F780E
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004308010_2_00430801
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004B88020_2_004B8802
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0050681C0_2_0050681C
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0044080A0_2_0044080A
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004C68190_2_004C6819
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004DC8130_2_004DC813
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004E38280_2_004E3828
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004FC8280_2_004FC828
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004DB8250_2_004DB825
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0050D83B0_2_0050D83B
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_005038230_2_00503823
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004E58390_2_004E5839
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004FE8380_2_004FE838
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0044583C0_2_0044583C
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004628C30_2_004628C3
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004CB8C50_2_004CB8C5
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0049E8DD0_2_0049E8DD
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004818E80_2_004818E8
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0048B8ED0_2_0048B8ED
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004AA8EF0_2_004AA8EF
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004438E20_2_004438E2
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0047C8EC0_2_0047C8EC
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004898E70_2_004898E7
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004D68E20_2_004D68E2
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_005088FF0_2_005088FF
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0044A8F30_2_0044A8F3
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004658FF0_2_004658FF
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004A88810_2_004A8881
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0051689C0_2_0051689C
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004B28840_2_004B2884
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0044B8950_2_0044B895
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_005F288B0_2_005F288B
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0047F8920_2_0047F892
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004F48960_2_004F4896
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004888920_2_00488892
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0043A89E0_2_0043A89E
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004B08AD0_2_004B08AD
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004EE8A80_2_004EE8A8
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004588A80_2_004588A8
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004B89480_2_004B8948
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0049694D0_2_0049694D
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004339440_2_00433944
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0051495B0_2_0051495B
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0045E9480_2_0045E948
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0043D94C0_2_0043D94C
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004749570_2_00474957
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004EB95D0_2_004EB95D
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0043296A0_2_0043296A
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0043E96E0_2_0043E96E
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004879670_2_00487967
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_005029610_2_00502961
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0045F97C0_2_0045F97C
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0043690B0_2_0043690B
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0046190A0_2_0046190A
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0049791B0_2_0049791B
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0046F9130_2_0046F913
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004DD9160_2_004DD916
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0045D9190_2_0045D919
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0047E9190_2_0047E919
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004E79290_2_004E7929
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0048F9200_2_0048F920
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004CA9320_2_004CA932
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0049D9CC0_2_0049D9CC
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004AF9CC0_2_004AF9CC
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004689CE0_2_004689CE
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004799C80_2_004799C8
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004679DB0_2_004679DB
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004859E80_2_004859E8
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0044D9ED0_2_0044D9ED
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004569EE0_2_004569EE
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004779E80_2_004779E8
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004809F00_2_004809F0
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0047D9FA0_2_0047D9FA
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004B998A0_2_004B998A
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0047098F0_2_0047098F
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004469900_2_00446990
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004F999B0_2_004F999B
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0050F9850_2_0050F985
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004DE9950_2_004DE995
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004EA9950_2_004EA995
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004DA9910_2_004DA991
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004429A60_2_004429A6
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004C39A80_2_004C39A8
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0050B9B40_2_0050B9B4
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004D49AB0_2_004D49AB
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004CC9A10_2_004CC9A1
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_005109AA0_2_005109AA
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_005019AD0_2_005019AD
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004D2A4D0_2_004D2A4D
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0045AA460_2_0045AA46
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_00444A4D0_2_00444A4D
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004BEA400_2_004BEA40
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004EDA6E0_2_004EDA6E
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004E6A7B0_2_004E6A7B
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_00492A730_2_00492A73
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004D8A710_2_004D8A71
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_00495A740_2_00495A74
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_00491A090_2_00491A09
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0042FA0B0_2_0042FA0B
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004E1A040_2_004E1A04
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0044FA0A0_2_0044FA0A
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004AEA1B0_2_004AEA1B
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_00463A200_2_00463A20
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_00409A270_2_00409A27
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_00439A310_2_00439A31
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004F6A380_2_004F6A38
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004CFA350_2_004CFA35
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_004D0AC80_2_004D0AC8
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_00487AC20_2_00487AC2
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_00490AC30_2_00490AC3
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_00498AC60_2_00498AC6
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0045BAD40_2_0045BAD4
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0044CAD60_2_0044CAD6
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeCode function: 0_2_0043CAD50_2_0043CAD5
Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\E_N60005\eAPI.fne 53483523C316AD8C022C2B07A5CABFFF3339BC5CB5E4AC24C3260EEA4F4D9731
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Code function: String function: 100C330C appears 40 times
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Code function: String function: 10093CF0 appears 37 times
Source: MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.0000000004B06000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs MysticThumbs4.2.0 Patch.exe
Source: MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.0000000004B06000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \StringFileInfo\%s\OriginalFilename vs MysticThumbs4.2.0 Patch.exe
Source: MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.0000000004B06000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs MysticThumbs4.2.0 Patch.exe
Source: MysticThumbs4.2.0 Patch.exe, 00000000.00000002.3767538355.000000001012A000.00000002.00000001.01000000.00000005.sdmp | Binary or memory string: OriginalFilename vs MysticThumbs4.2.0 Patch.exe
Source: MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.00000000049AB000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs MysticThumbs4.2.0 Patch.exe
Source: MysticThumbs4.2.0 Patch.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: MysticThumbs4.2.0 Patch.exe | Static PE information: Section: awewbyhg ZLIB complexity 0.9923244254298942
Source: classification engine | Classification label: mal100.evad.winEXE@1/3@0/0
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Code function: 0_2_10065140 GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceA,MulDiv, 0_2_10065140
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | File created: C:\Users\user~1\AppData\Local\Temp\E_N60005
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: MysticThumbs4.2.0 Patch.exe | ReversingLabs: Detection: 73%
Source: MysticThumbs4.2.0 Patch.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | File read: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: acgenral.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: samcli.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: msacm32.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: mpr.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: netutils.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: aclayers.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: sfc.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: olepro32.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Section loaded: textshaping.dll
Source: MysticThumbs4.2.0 Patch.exe | Static file information: File size 2422974 > 1048576
Source: MysticThumbs4.2.0 Patch.exe | Static PE information: Raw size of awewbyhg is bigger than: 0x100000 < 0x17a000

Data Obfuscation

Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Unpacked PE file: 0.2.MysticThumbs4.2.0 Patch.exe.400000.0.unpack :EW;.rsrc:W;.idata :W; :EW;awewbyhg:EW;ulosnzww:EW; vs :ER;.rsrc:W;dU9:W; :EW;awewbyhg:EW;ulosnzww:EW;
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Code function: 0_2_100D5263 GetModuleHandleA,LoadLibraryA,GetProcAddress,#17,#17,FreeLibrary, 0_2_100D5263
Source: initial sample | Static PE information: section where entry point is pointing to: ulosnzww
Source: MysticThumbs4.2.0 Patch.exe | Static PE information: section name:
Source: MysticThumbs4.2.0 Patch.exe | Static PE information: section name: .idata
Source: MysticThumbs4.2.0 Patch.exe | Static PE information: section name:
Source: MysticThumbs4.2.0 Patch.exe | Static PE information: section name: awewbyhg
Source: MysticThumbs4.2.0 Patch.exe | Static PE information: section name: ulosnzww
Source: MysticThumbs4.2.0 Patch.exe | Static PE information: section name: entropy: 7.769714016837807
Source: MysticThumbs4.2.0 Patch.exe | Static PE information: section name: awewbyhg entropy: 7.951787681950419
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | File created: C:\Users\user\AppData\Local\Temp\E_N60005\krnln.fnr
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | File created: C:\Users\user\AppData\Local\Temp\E_N60005\dp1.fne
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | File created: C:\Users\user\AppData\Local\Temp\E_N60005\eAPI.fne

Boot Survival

Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Code function: 0_2_10059E80 IsWindow,IsIconic,SetActiveWindow,IsWindow,IsWindow,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,SetParent,SetWindowPos,IsWindow,SendMessageA,SendMessageA,DestroyAcceleratorTable,IsWindow,IsWindow,IsWindow,IsWindow,IsWindow,GetParent,GetFocus,IsWindow,SendMessageA,IsWindow,GetFocus,SetFocus, 0_2_10059E80
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Code function: 0_2_100B9F40 DestroyCursor,IsWindowVisible,IsIconic,IsZoomed,GetWindowRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMenu,DeleteMenu,GetSystemMenu, 0_2_100B9F40
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5B3E6A second address: 5B3E77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5B3E77 second address: 5B3E7D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5B3E7D second address: 5B3E83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5B3E83 second address: 5B3E87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5B486C second address: 5B4874 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5B4874 second address: 5B489C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D04F5108h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jl 00007F54D04F50F8h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5B489C second address: 5B48A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5B48A2 second address: 5B48A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5B5067 second address: 5B506C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5B62E6 second address: 5B636D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F54D04F50FCh 0x00000008 jmp 00007F54D04F50FDh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 push 00000000h 0x00000015 push ebx 0x00000016 call 00007F54D04F50F8h 0x0000001b pop ebx 0x0000001c mov dword ptr [esp+04h], ebx 0x00000020 add dword ptr [esp+04h], 00000017h 0x00000028 inc ebx 0x00000029 push ebx 0x0000002a ret 0x0000002b pop ebx 0x0000002c ret 0x0000002d add esi, dword ptr [ebp+0C8E1BFCh] 0x00000033 push 00000000h 0x00000035 mov edi, dword ptr [ebp+0C8E272Fh] 0x0000003b push 00000000h 0x0000003d push 00000000h 0x0000003f push edx 0x00000040 call 00007F54D04F50F8h 0x00000045 pop edx 0x00000046 mov dword ptr [esp+04h], edx 0x0000004a add dword ptr [esp+04h], 00000016h 0x00000052 inc edx 0x00000053 push edx 0x00000054 ret 0x00000055 pop edx 0x00000056 ret 0x00000057 push eax 0x00000058 pushad 0x00000059 jp 00007F54D04F5103h 0x0000005f jmp 00007F54D04F50FDh 0x00000064 push eax 0x00000065 push eax 0x00000066 push edx 0x00000067 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5B7850 second address: 5B78C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D0D8D9BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a mov dword ptr [esp], eax 0x0000000d movsx esi, si 0x00000010 push 00000000h 0x00000012 cld 0x00000013 add dword ptr [ebp+0C8E1839h], edi 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push ecx 0x0000001e call 00007F54D0D8D9B8h 0x00000023 pop ecx 0x00000024 mov dword ptr [esp+04h], ecx 0x00000028 add dword ptr [esp+04h], 0000001Ah 0x00000030 inc ecx 0x00000031 push ecx 0x00000032 ret 0x00000033 pop ecx 0x00000034 ret 0x00000035 jmp 00007F54D0D8D9C1h 0x0000003a jmp 00007F54D0D8D9C9h 0x0000003f push eax 0x00000040 push eax 0x00000041 push ecx 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5B6B01 second address: 5B6B06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5B6B06 second address: 5B6B2D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D0D8D9C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jo 00007F54D0D8D9C4h 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5B6B2D second address: 5B6B31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5B8CCC second address: 5B8D5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jnl 00007F54D0D8D9B6h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007F54D0D8D9C2h 0x00000012 nop 0x00000013 mov dword ptr [ebp+0C8E29A7h], ecx 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push ecx 0x0000001e call 00007F54D0D8D9B8h 0x00000023 pop ecx 0x00000024 mov dword ptr [esp+04h], ecx 0x00000028 add dword ptr [esp+04h], 00000017h 0x00000030 inc ecx 0x00000031 push ecx 0x00000032 ret 0x00000033 pop ecx 0x00000034 ret 0x00000035 add edi, dword ptr [ebp+0C8E3563h] 0x0000003b push 00000000h 0x0000003d push 00000000h 0x0000003f push esi 0x00000040 call 00007F54D0D8D9B8h 0x00000045 pop esi 0x00000046 mov dword ptr [esp+04h], esi 0x0000004a add dword ptr [esp+04h], 00000015h 0x00000052 inc esi 0x00000053 push esi 0x00000054 ret 0x00000055 pop esi 0x00000056 ret 0x00000057 mov edi, 3503438Bh 0x0000005c xchg eax, ebx 0x0000005d je 00007F54D0D8D9BEh 0x00000063 jl 00007F54D0D8D9B8h 0x00000069 pushad 0x0000006a popad 0x0000006b push eax 0x0000006c push eax 0x0000006d push edx 0x0000006e pushad 0x0000006f pushad 0x00000070 popad 0x00000071 jmp 00007F54D0D8D9BCh 0x00000076 popad 0x00000077 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5B75BE second address: 5B75C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5B8D5F second address: 5B8D65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5B8D65 second address: 5B8D69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5B9599 second address: 5B959D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5BA921 second address: 5BA928 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5B959D second address: 5B95A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5BC954 second address: 5BC959 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5BA9DD second address: 5BA9E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5BDA5C second address: 5BDA61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5BE8FE second address: 5BE903 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5BF890 second address: 5BF94F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D04F5109h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a nop 0x0000000b call 00007F54D04F50FFh 0x00000010 pop ebx 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push eax 0x00000016 call 00007F54D04F50F8h 0x0000001b pop eax 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 add dword ptr [esp+04h], 00000017h 0x00000028 inc eax 0x00000029 push eax 0x0000002a ret 0x0000002b pop eax 0x0000002c ret 0x0000002d mov ebx, dword ptr [ebp+0C8E2520h] 0x00000033 mov dword ptr [ebp+0C8E1BB4h], eax 0x00000039 push 00000000h 0x0000003b push 00000000h 0x0000003d push edi 0x0000003e call 00007F54D04F50F8h 0x00000043 pop edi 0x00000044 mov dword ptr [esp+04h], edi 0x00000048 add dword ptr [esp+04h], 0000001Bh 0x00000050 inc edi 0x00000051 push edi 0x00000052 ret 0x00000053 pop edi 0x00000054 ret 0x00000055 sbb bx, 10C1h 0x0000005a xor ebx, dword ptr [ebp+0C8E3493h] 0x00000060 xchg eax, esi 0x00000061 jo 00007F54D04F5108h 0x00000067 jmp 00007F54D04F5102h 0x0000006c push eax 0x0000006d pushad 0x0000006e pushad 0x0000006f pushad 0x00000070 popad 0x00000071 jl 00007F54D04F50F6h 0x00000077 popad 0x00000078 push eax 0x00000079 push edx 0x0000007a jmp 00007F54D04F50FCh 0x0000007f rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5BF94F second address: 5BF953 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C086B second address: 5C08A4 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F54D04F510Ah 0x00000008 jmp 00007F54D04F5104h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jmp 00007F54D04F5105h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5BFBB1 second address: 5BFBB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5BFBB6 second address: 5BFBC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F54D04F50F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C08A4 second address: 5C08A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C08A9 second address: 5C08B3 instructions: 0x00000000 rdtsc 0x00000002 je 00007F54D04F50FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C18C6 second address: 5C18CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C18CA second address: 5C18CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C292A second address: 5C29B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F54D0D8D9B8h 0x0000000c popad 0x0000000d mov dword ptr [esp], eax 0x00000010 call 00007F54D0D8D9BCh 0x00000015 pop ebx 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push edx 0x0000001b call 00007F54D0D8D9B8h 0x00000020 pop edx 0x00000021 mov dword ptr [esp+04h], edx 0x00000025 add dword ptr [esp+04h], 00000018h 0x0000002d inc edx 0x0000002e push edx 0x0000002f ret 0x00000030 pop edx 0x00000031 ret 0x00000032 mov dword ptr [ebp+0C8E28DAh], edx 0x00000038 mov dword ptr [ebp+0C8E2E28h], edi 0x0000003e push 00000000h 0x00000040 push 00000000h 0x00000042 push eax 0x00000043 call 00007F54D0D8D9B8h 0x00000048 pop eax 0x00000049 mov dword ptr [esp+04h], eax 0x0000004d add dword ptr [esp+04h], 0000001Dh 0x00000055 inc eax 0x00000056 push eax 0x00000057 ret 0x00000058 pop eax 0x00000059 ret 0x0000005a or ebx, 5EFE1C6Dh 0x00000060 push eax 0x00000061 jo 00007F54D0D8D9C2h 0x00000067 jl 00007F54D0D8D9BCh 0x0000006d push eax 0x0000006e push edx 0x0000006f rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C1AD9 second address: 5C1ADD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C1ADD second address: 5C1B59 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F54D0D8D9B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c sbb di, 54EFh 0x00000011 push dword ptr fs:[00000000h] 0x00000018 sub dword ptr [ebp+0C8E17A6h], esi 0x0000001e mov dword ptr fs:[00000000h], esp 0x00000025 or edi, dword ptr [ebp+0C8E368Bh] 0x0000002b mov eax, dword ptr [ebp+0C8E1291h] 0x00000031 push 00000000h 0x00000033 push esi 0x00000034 call 00007F54D0D8D9B8h 0x00000039 pop esi 0x0000003a mov dword ptr [esp+04h], esi 0x0000003e add dword ptr [esp+04h], 00000014h 0x00000046 inc esi 0x00000047 push esi 0x00000048 ret 0x00000049 pop esi 0x0000004a ret 0x0000004b sub ebx, dword ptr [ebp+0C8E36C3h] 0x00000051 push FFFFFFFFh 0x00000053 push ecx 0x00000054 mov dword ptr [ebp+0C8E20C5h], edx 0x0000005a pop edi 0x0000005b nop 0x0000005c jns 00007F54D0D8D9C4h 0x00000062 push eax 0x00000063 pushad 0x00000064 push eax 0x00000065 push edx 0x00000066 jns 00007F54D0D8D9B6h 0x0000006c rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C1B59 second address: 5C1B5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C4B11 second address: 5C4B1A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C4B1A second address: 5C4B68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007F54D04F50F8h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 00000019h 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 mov dword ptr [ebp+0C8E1D50h], eax 0x0000002b push 00000000h 0x0000002d sub dword ptr [ebp+0C8E29CAh], ecx 0x00000033 push 00000000h 0x00000035 jne 00007F54D04F50F8h 0x0000003b xchg eax, esi 0x0000003c pushad 0x0000003d push eax 0x0000003e push edx 0x0000003f ja 00007F54D04F50F6h 0x00000045 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C4B68 second address: 5C4B87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F54D0D8D9C2h 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C4B87 second address: 5C4B8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C6D63 second address: 5C6D68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C6D68 second address: 5C6D6D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C6D6D second address: 5C6D81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d jne 00007F54D0D8D9B6h 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C3A88 second address: 5C3AA5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D04F5109h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C3AA5 second address: 5C3AAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C4DBE second address: 5C4DC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C3AAB second address: 5C3AAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C4DC9 second address: 5C4DFA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D04F5103h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F54D04F5108h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C5FA5 second address: 5C5FB7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007F54D0D8D9B6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C6F82 second address: 5C6F98 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F54D04F50FEh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C7E35 second address: 5C7E43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007F54D0D8D9B6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C6F98 second address: 5C6F9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5CF4FF second address: 5CF50A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5CF50A second address: 5CF50F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5D3B57 second address: 5D3B5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5D3B5B second address: 5D3B61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5D3CF0 second address: 5D3CFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F54D0D8D9B6h 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5D3CFE second address: 5D3D03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5D81C5 second address: 5D81CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5D81CB second address: 5D81D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5D81D0 second address: 5D81D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5DA95B second address: 5DA973 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F54D04F5101h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5DAA41 second address: 5DAA45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5DAA45 second address: 5DAA64 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 je 00007F54D04F50FCh 0x0000000f pushad 0x00000010 push edi 0x00000011 pop edi 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 mov eax, dword ptr [esp+04h] 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5DAA64 second address: 5DAA6A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5DAA6A second address: 5DAA81 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F54D04F50FCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5DAA81 second address: 5DAA88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5DAB5A second address: 5DAB78 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F54D04F5101h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5DAB78 second address: 5DABA6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D0D8D9C2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F54D0D8D9C4h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5DABA6 second address: 5DABD9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D04F5101h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F54D04F5108h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5DEEF3 second address: 5DEEF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5DF084 second address: 5DF097 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D04F50FFh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 618A31 second address: 618AA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F54D04F50F6h 0x0000000a pop ebx 0x0000000b pushad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e jmp 00007F54D04F5103h 0x00000013 push esi 0x00000014 pop esi 0x00000015 popad 0x00000016 ja 00007F54D04F50FEh 0x0000001c push ebx 0x0000001d jmp 00007F54D04F5108h 0x00000022 pop ebx 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F54D04F50FCh 0x0000002b push esi 0x0000002c jmp 00007F54D04F5108h 0x00000031 push edx 0x00000032 pop edx 0x00000033 pop esi 0x00000034 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 618D39 second address: 618D4F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F54D0D8D9B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a js 00007F54D0D8D9D0h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 618D4F second address: 618D53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 618D53 second address: 618D57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 618EB9 second address: 618ED3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jno 00007F54D04F50F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jp 00007F54D04F50F6h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 618ED3 second address: 618ED7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 6191C2 second address: 6191CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F54D04F50F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 619941 second address: 61994B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F54D0D8D9B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 61994B second address: 619963 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D04F5104h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 619963 second address: 6199BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F54D0D8D9DDh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jng 00007F54D0D8D9BEh 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 pushad 0x0000001a popad 0x0000001b jmp 00007F54D0D8D9BCh 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 61D51C second address: 61D54B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F54D04F50FFh 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007F54D04F5107h 0x00000010 push edi 0x00000011 pop edi 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 61D54B second address: 61D55D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F54D0D8D9BBh 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 61D55D second address: 61D563 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 61D3EB second address: 61D3F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 6214B3 second address: 6214D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F54D04F50F6h 0x0000000a jmp 00007F54D04F50FDh 0x0000000f popad 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 6214D0 second address: 6214D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 6214D6 second address: 6214DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 6214DB second address: 6214E0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 6214E0 second address: 621502 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push edx 0x00000009 jg 00007F54D04F50F6h 0x0000000f jg 00007F54D04F50F6h 0x00000015 pop edx 0x00000016 push edi 0x00000017 pushad 0x00000018 popad 0x00000019 pop edi 0x0000001a jc 00007F54D04F50FCh 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 630406 second address: 630410 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 630410 second address: 630414 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 630414 second address: 630431 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007F54D0D8D9BAh 0x0000000f jmp 00007F54D0D8D9BAh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 630431 second address: 630436 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 630436 second address: 63043C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 63055E second address: 630562 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 630562 second address: 630568 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 633978 second address: 633987 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 633987 second address: 63398B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 63398B second address: 63398F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 637EDC second address: 637F00 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D0D8D9C9h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 637F00 second address: 637F08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 637F08 second address: 637F0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 637F0E second address: 637F1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F54D04F50F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C1B45 second address: 5C1B49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 5C1B49 second address: 5C1B59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007F54D04F50F6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 644928 second address: 64492E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 648293 second address: 6482A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D04F5102h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 64BA9E second address: 64BAA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 64BAA2 second address: 64BAB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 je 00007F54D04F50F6h 0x0000000d jbe 00007F54D04F50F6h 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 64BAB6 second address: 64BACF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F54D0D8D9C5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 64BC3C second address: 64BC66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007F54D04F50F8h 0x0000000b jns 00007F54D04F5107h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 64BC66 second address: 64BC95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F54D0D8D9C6h 0x0000000b jnp 00007F54D0D8D9B6h 0x00000011 popad 0x00000012 je 00007F54D0D8D9BCh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 64C06A second address: 64C06E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 64C06E second address: 64C076 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 64C325 second address: 64C33B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b jmp 00007F54D04F50FBh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 64C4BB second address: 64C4D8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push ebx 0x00000008 pushad 0x00000009 jmp 00007F54D0D8D9C2h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 64CF3B second address: 64CF4A instructions: 0x00000000 rdtsc 0x00000002 jno 00007F54D04F50F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 64CF4A second address: 64CF6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F54D0D8D9B6h 0x0000000a jmp 00007F54D0D8D9C4h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 650D2F second address: 650D33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 650D33 second address: 650D4D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F54D0D8D9C4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 650D4D second address: 650D53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 650D53 second address: 650D57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 650A4B second address: 650A55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 6580A2 second address: 6580A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 65CA2A second address: 65CA3A instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F54D04F50F6h 0x00000008 jns 00007F54D04F50F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 65CA3A second address: 65CA40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 65C2D4 second address: 65C2D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 65BFCD second address: 65BFD1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 65BFD1 second address: 65BFFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F54D04F5104h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jc 00007F54D04F50F8h 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jnl 00007F54D04F50F6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 65BFFB second address: 65BFFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 65C8C1 second address: 65C8C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 66E1D1 second address: 66E1D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 66E1D5 second address: 66E1F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F54D04F5105h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 66E1F9 second address: 66E1FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 66DEE1 second address: 66DEE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 66DEE7 second address: 66DF18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F54D0D8D9C6h 0x00000009 popad 0x0000000a jmp 00007F54D0D8D9C1h 0x0000000f pop edx 0x00000010 push esi 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 6736F5 second address: 6736FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 6736FB second address: 673731 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 pushad 0x00000008 jnl 00007F54D0D8D9BEh 0x0000000e jmp 00007F54D0D8D9C2h 0x00000013 je 00007F54D0D8D9C2h 0x00000019 jne 00007F54D0D8D9B6h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 673878 second address: 67388B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jne 00007F54D04F50F6h 0x0000000b jo 00007F54D04F50F6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 673E1B second address: 673E3A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D0D8D9C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 673F7A second address: 673F7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 673F7F second address: 673F8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 673F8E second address: 673F94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 673F94 second address: 673F9E instructions: 0x00000000 rdtsc 0x00000002 jno 00007F54D0D8D9B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 673F9E second address: 673FC7 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F54D04F510Eh 0x00000008 jmp 00007F54D04F5108h 0x0000000d pushad 0x0000000e jne 00007F54D04F50F6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 67429D second address: 6742B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D0D8D9BDh 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 678257 second address: 678269 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F54D04F50FCh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 678269 second address: 678271 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4791802 second address: 479185F instructions: 0x00000000 rdtsc 0x00000002 mov ebx, eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov ebp, esp 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F54D04F5100h 0x00000010 xor ax, A5F8h 0x00000015 jmp 00007F54D04F50FBh 0x0000001a popfd 0x0000001b pushfd 0x0000001c jmp 00007F54D04F5108h 0x00000021 adc al, 00000058h 0x00000024 jmp 00007F54D04F50FBh 0x00000029 popfd 0x0000002a popad 0x0000002b pop ebp 0x0000002c pushad 0x0000002d mov al, BFh 0x0000002f push eax 0x00000030 push edx 0x00000031 push edx 0x00000032 pop esi 0x00000033 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 479197F second address: 4791985 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4791985 second address: 4791989 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4791989 second address: 47919DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F54D0D8D9BEh 0x0000000e xchg eax, ebp 0x0000000f jmp 00007F54D0D8D9C0h 0x00000014 mov ebp, esp 0x00000016 jmp 00007F54D0D8D9C0h 0x0000001b pop ebp 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F54D0D8D9C7h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4790011 second address: 4790053 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D04F5101h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov bh, 1Ah 0x0000000f pushfd 0x00000010 jmp 00007F54D04F5104h 0x00000015 add ax, 8EB8h 0x0000001a jmp 00007F54D04F50FBh 0x0000001f popfd 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4790053 second address: 47900A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007F54D0D8D9C5h 0x0000000b and ecx, 5B230156h 0x00000011 jmp 00007F54D0D8D9C1h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b jmp 00007F54D0D8D9C1h 0x00000020 xchg eax, ebp 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47900A2 second address: 47900A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47900A6 second address: 47900AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4790FA1 second address: 4790FBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F54D0D8D9C3h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4790FBF second address: 4790FD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F54D04F5104h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4790FD7 second address: 4790FDB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4790FDB second address: 4790FEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push esi 0x0000000f pop ebx 0x00000010 mov ebx, eax 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4791046 second address: 479104A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 479104A second address: 4791067 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D04F5109h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4791067 second address: 479111E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D0D8D9C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F55437BBFE9h 0x0000000f pushad 0x00000010 push ecx 0x00000011 mov dh, 1Fh 0x00000013 pop ecx 0x00000014 mov di, 8F38h 0x00000018 popad 0x00000019 mov eax, dword ptr [ebp-14h] 0x0000001c jmp 00007F54D0D8D9C7h 0x00000021 mov ecx, esi 0x00000023 jmp 00007F54D0D8D9C6h 0x00000028 mov dword ptr [esi+0Ch], eax 0x0000002b jmp 00007F54D0D8D9C0h 0x00000030 mov edx, 772406ECh 0x00000035 pushad 0x00000036 pushfd 0x00000037 jmp 00007F54D0D8D9BEh 0x0000003c xor esi, 66BC8B28h 0x00000042 jmp 00007F54D0D8D9BBh 0x00000047 popfd 0x00000048 mov ecx, 4D29181Fh 0x0000004d popad 0x0000004e sub eax, eax 0x00000050 pushad 0x00000051 mov eax, edx 0x00000053 mov ecx, edi 0x00000055 popad 0x00000056 lock cmpxchg dword ptr [edx], ecx 0x0000005a push eax 0x0000005b push edx 0x0000005c jmp 00007F54D0D8D9C2h 0x00000061 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 479111E second address: 4791123 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4791123 second address: 4791168 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movsx edi, si 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007F54D0D8D9BBh 0x00000013 pushfd 0x00000014 jmp 00007F54D0D8D9C8h 0x00000019 add ecx, 502F3248h 0x0000001f jmp 00007F54D0D8D9BBh 0x00000024 popfd 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4791168 second address: 47911C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F54D04F5105h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d test eax, eax 0x0000000f pushad 0x00000010 mov edi, ecx 0x00000012 mov edx, ecx 0x00000014 popad 0x00000015 jne 00007F5542F23645h 0x0000001b jmp 00007F54D04F5102h 0x00000020 mov edx, dword ptr [ebp+08h] 0x00000023 jmp 00007F54D04F5100h 0x00000028 mov eax, dword ptr [esi] 0x0000002a pushad 0x0000002b mov si, FE4Dh 0x0000002f popad 0x00000030 mov dword ptr [edx], eax 0x00000032 pushad 0x00000033 push eax 0x00000034 push edx 0x00000035 mov esi, ebx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47911C7 second address: 47912A9 instructions: 0x00000000 rdtsc 0x00000002 movsx edx, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushfd 0x00000008 jmp 00007F54D0D8D9C8h 0x0000000d and esi, 0C7C5BC8h 0x00000013 jmp 00007F54D0D8D9BBh 0x00000018 popfd 0x00000019 popad 0x0000001a mov eax, dword ptr [esi+04h] 0x0000001d jmp 00007F54D0D8D9C6h 0x00000022 mov dword ptr [edx+04h], eax 0x00000025 jmp 00007F54D0D8D9C0h 0x0000002a mov eax, dword ptr [esi+08h] 0x0000002d pushad 0x0000002e popad 0x0000002f mov dword ptr [edx+08h], eax 0x00000032 jmp 00007F54D0D8D9C6h 0x00000037 mov eax, dword ptr [esi+0Ch] 0x0000003a pushad 0x0000003b pushfd 0x0000003c jmp 00007F54D0D8D9BEh 0x00000041 add ax, 72E8h 0x00000046 jmp 00007F54D0D8D9BBh 0x0000004b popfd 0x0000004c mov ax, 8ADFh 0x00000050 popad 0x00000051 mov dword ptr [edx+0Ch], eax 0x00000054 pushad 0x00000055 mov ch, F6h 0x00000057 push eax 0x00000058 push edx 0x00000059 pushfd 0x0000005a jmp 00007F54D0D8D9C3h 0x0000005f add esi, 28E63ADEh 0x00000065 jmp 00007F54D0D8D9C9h 0x0000006a popfd 0x0000006b rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47912A9 second address: 47912C0 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 0EAA31A7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [esi+10h] 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov di, 624Ah 0x00000014 mov dh, 59h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47912C0 second address: 47912EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D0D8D9BDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+10h], eax 0x0000000c jmp 00007F54D0D8D9BEh 0x00000011 mov eax, dword ptr [esi+14h] 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47912EB second address: 47912EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47912EF second address: 47912F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47912F5 second address: 4791330 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F54D04F5102h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [edx+14h], eax 0x0000000e jmp 00007F54D04F5107h 0x00000013 mov eax, dword ptr [esi+18h] 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4791330 second address: 479134B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D0D8D9C7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 479134B second address: 47913A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ecx 0x00000005 mov eax, edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [edx+18h], eax 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F54D04F5103h 0x00000014 sbb al, 0000001Eh 0x00000017 jmp 00007F54D04F5109h 0x0000001c popfd 0x0000001d mov ch, F4h 0x0000001f popad 0x00000020 mov eax, dword ptr [esi+1Ch] 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F54D04F5106h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47913A8 second address: 47913C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D0D8D9BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+1Ch], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f movsx edi, ax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47913C2 second address: 47913C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47913C7 second address: 47913E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D0D8D9C3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+20h] 0x0000000c pushad 0x0000000d mov edx, esi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47913E8 second address: 47913EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47913EC second address: 4791419 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D0D8D9BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [edx+20h], eax 0x0000000d jmp 00007F54D0D8D9C0h 0x00000012 mov eax, dword ptr [esi+24h] 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4791419 second address: 479141D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 479141D second address: 4791421 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4791421 second address: 4791427 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4791427 second address: 4791436 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F54D0D8D9BBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4791436 second address: 479143A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 479143A second address: 479144D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+24h], eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e mov edx, 44047044h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 479144D second address: 47914C6 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F54D04F5109h 0x0000000c or esi, 7B8FF836h 0x00000012 jmp 00007F54D04F5101h 0x00000017 popfd 0x00000018 popad 0x00000019 mov eax, dword ptr [esi+28h] 0x0000001c jmp 00007F54D04F50FEh 0x00000021 mov dword ptr [edx+28h], eax 0x00000024 jmp 00007F54D04F5100h 0x00000029 mov ecx, dword ptr [esi+2Ch] 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F54D04F5107h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47914C6 second address: 479150C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D0D8D9C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+2Ch], ecx 0x0000000c jmp 00007F54D0D8D9BEh 0x00000011 mov ax, word ptr [esi+30h] 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 call 00007F54D0D8D9BDh 0x0000001d pop eax 0x0000001e pushad 0x0000001f popad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 479150C second address: 479160B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D04F50FCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov word ptr [edx+30h], ax 0x0000000d jmp 00007F54D04F5100h 0x00000012 mov ax, word ptr [esi+32h] 0x00000016 pushad 0x00000017 movzx eax, di 0x0000001a mov dh, CAh 0x0000001c popad 0x0000001d mov word ptr [edx+32h], ax 0x00000021 pushad 0x00000022 movzx esi, di 0x00000025 mov dx, 2820h 0x00000029 popad 0x0000002a mov eax, dword ptr [esi+34h] 0x0000002d jmp 00007F54D04F50FFh 0x00000032 mov dword ptr [edx+34h], eax 0x00000035 pushad 0x00000036 pushfd 0x00000037 jmp 00007F54D04F5104h 0x0000003c jmp 00007F54D04F5105h 0x00000041 popfd 0x00000042 jmp 00007F54D04F5100h 0x00000047 popad 0x00000048 test ecx, 00000700h 0x0000004e pushad 0x0000004f mov al, D5h 0x00000051 popad 0x00000052 jne 00007F5542F23269h 0x00000058 jmp 00007F54D04F5104h 0x0000005d or dword ptr [edx+38h], FFFFFFFFh 0x00000061 jmp 00007F54D04F5100h 0x00000066 or dword ptr [edx+3Ch], FFFFFFFFh 0x0000006a jmp 00007F54D04F5100h 0x0000006f or dword ptr [edx+40h], FFFFFFFFh 0x00000073 jmp 00007F54D04F5100h 0x00000078 pop esi 0x00000079 pushad 0x0000007a push eax 0x0000007b push edx 0x0000007c call 00007F54D04F50FCh 0x00000081 pop esi 0x00000082 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 479160B second address: 47A0589 instructions: 0x00000000 rdtsc 0x00000002 mov si, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushfd 0x00000008 jmp 00007F54D0D8D9C7h 0x0000000d jmp 00007F54D0D8D9C3h 0x00000012 popfd 0x00000013 popad 0x00000014 pop ebx 0x00000015 jmp 00007F54D0D8D9C6h 0x0000001a leave 0x0000001b jmp 00007F54D0D8D9C0h 0x00000020 retn 0004h 0x00000023 nop 0x00000024 cmp word ptr [esp+42h], 0000h 0x0000002a je 00007F54D0D8DA7Bh 0x00000030 xor ebx, ebx 0x00000032 mov eax, dword ptr [00408E20h] 0x00000037 cmp dword ptr [eax+ebx*8], FFFFFFFFh 0x0000003b lea esi, dword ptr [eax+ebx*8] 0x0000003e jne 00007F54D0D8D9FFh 0x00000040 test ebx, ebx 0x00000042 mov byte ptr [esi+04h], FFFFFF81h 0x00000046 jne 00007F54D0D8D9B7h 0x00000048 push FFFFFFF6h 0x0000004a pop eax 0x0000004b jmp 00007F54D0D8D9BCh 0x0000004d push eax 0x0000004e call 00007F54D5129362h 0x00000053 mov edi, edi 0x00000055 jmp 00007F54D0D8D9BFh 0x0000005a xchg eax, ebp 0x0000005b pushad 0x0000005c mov ecx, 41A1F2A7h 0x00000061 popad 0x00000062 push eax 0x00000063 jmp 00007F54D0D8D9BDh 0x00000068 xchg eax, ebp 0x00000069 jmp 00007F54D0D8D9BEh 0x0000006e mov ebp, esp 0x00000070 push eax 0x00000071 push edx 0x00000072 jmp 00007F54D0D8D9C7h 0x00000077 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47A04D3 second address: 47A0515 instructions: 0x00000000 rdtsc 0x00000002 mov si, DC17h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a jmp 00007F54D04F50FDh 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 jmp 00007F54D04F50FCh 0x00000016 mov eax, 4070B691h 0x0000001b popad 0x0000001c mov ebp, esp 0x0000001e pushad 0x0000001f mov ah, dh 0x00000021 popad 0x00000022 mov eax, dword ptr [ebp+08h] 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F54D04F50FAh 0x0000002e rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47A0515 second address: 47A051B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47A0371 second address: 47A0375 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47A0375 second address: 47A0392 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D0D8D9C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47A0392 second address: 47A047D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F54D04F5107h 0x00000009 xor cl, 0000006Eh 0x0000000c jmp 00007F54D04F5109h 0x00000011 popfd 0x00000012 mov ax, C2F7h 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a pushad 0x0000001b mov cx, dx 0x0000001e mov edx, 0D3901DAh 0x00000023 popad 0x00000024 xchg eax, ebp 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007F54D04F5103h 0x0000002c adc ecx, 0D86442Eh 0x00000032 jmp 00007F54D04F5109h 0x00000037 popfd 0x00000038 popad 0x00000039 mov ebp, esp 0x0000003b pushad 0x0000003c push esi 0x0000003d pushfd 0x0000003e jmp 00007F54D04F5103h 0x00000043 adc si, 5A3Eh 0x00000048 jmp 00007F54D04F5109h 0x0000004d popfd 0x0000004e pop esi 0x0000004f mov ax, dx 0x00000052 popad 0x00000053 pop ebp 0x00000054 push eax 0x00000055 push edx 0x00000056 pushad 0x00000057 pushfd 0x00000058 jmp 00007F54D04F5104h 0x0000005d sub esi, 10736668h 0x00000063 jmp 00007F54D04F50FBh 0x00000068 popfd 0x00000069 mov dl, ch 0x0000006b popad 0x0000006c rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47A028B second address: 47A02BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D0D8D9C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F54D0D8D9BEh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov eax, 640F6C83h 0x00000018 mov esi, 77524DDFh 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47A02BE second address: 47A02F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D04F5105h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F54D04F50FEh 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov edi, 1BAD0D90h 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47A02F1 second address: 47A0329 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D0D8D9C2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F54D0D8D9BDh 0x00000012 jmp 00007F54D0D8D9C0h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47A0329 second address: 47A033B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F54D04F50FEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47A0649 second address: 47A0661 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F54D0D8D9C4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47A06D2 second address: 47A06D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47A06D6 second address: 47A06DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47A06DC second address: 47A06F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F54D04F5105h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47A06F5 second address: 47A073A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D0D8D9C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov cx, bx 0x00000014 pushfd 0x00000015 jmp 00007F54D0D8D9BFh 0x0000001a jmp 00007F54D0D8D9C3h 0x0000001f popfd 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4780516 second address: 47805A5 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F54D04F5102h 0x00000008 add ah, FFFFFFE8h 0x0000000b jmp 00007F54D04F50FBh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 popad 0x00000014 xchg eax, ebp 0x00000015 pushad 0x00000016 call 00007F54D04F5104h 0x0000001b pushfd 0x0000001c jmp 00007F54D04F5102h 0x00000021 add ch, 00000078h 0x00000024 jmp 00007F54D04F50FBh 0x00000029 popfd 0x0000002a pop eax 0x0000002b mov ecx, edi 0x0000002d popad 0x0000002e push eax 0x0000002f jmp 00007F54D04F5102h 0x00000034 xchg eax, ebp 0x00000035 jmp 00007F54D04F5100h 0x0000003a mov ebp, esp 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 pushad 0x00000041 popad 0x00000042 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47805A5 second address: 47805A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47805A9 second address: 47805AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 478036E second address: 4780372 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4780372 second address: 4780376 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4780376 second address: 478037C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 478037C second address: 47803E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D04F5102h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F54D04F50FEh 0x00000012 add eax, 26804B58h 0x00000018 jmp 00007F54D04F50FBh 0x0000001d popfd 0x0000001e push eax 0x0000001f push edx 0x00000020 pushfd 0x00000021 jmp 00007F54D04F5106h 0x00000026 xor eax, 228455B8h 0x0000002c jmp 00007F54D04F50FBh 0x00000031 popfd 0x00000032 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47806C4 second address: 4780707 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, 1F23AD23h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e pushad 0x0000000f mov eax, 0158F911h 0x00000014 call 00007F54D0D8D9BEh 0x00000019 movzx ecx, bx 0x0000001c pop edi 0x0000001d popad 0x0000001e mov ebp, esp 0x00000020 pushad 0x00000021 mov ecx, 77DDA25Fh 0x00000026 mov bx, si 0x00000029 popad 0x0000002a pop ebp 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007F54D0D8D9BDh 0x00000032 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47801D9 second address: 4780245 instructions: 0x00000000 rdtsc 0x00000002 movsx ebx, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F54D04F5108h 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007F54D04F50FCh 0x00000018 adc al, FFFFFFC8h 0x0000001b jmp 00007F54D04F50FBh 0x00000020 popfd 0x00000021 pushfd 0x00000022 jmp 00007F54D04F5108h 0x00000027 or si, B528h 0x0000002c jmp 00007F54D04F50FBh 0x00000031 popfd 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4780245 second address: 4780271 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D0D8D9C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov ebx, 29304F1Eh 0x00000012 mov edi, 488E3F2Ah 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4780271 second address: 47802A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F54D04F5100h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F54D04F5107h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4780080 second address: 4780086 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 4780086 second address: 47800AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, si 0x00000006 jmp 00007F54D04F5108h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47800AE second address: 47800B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47800B2 second address: 47800B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47800B8 second address: 47800C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeRDTSC instruction interceptor: First address: 47800C0 second address: 4780120 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, ebp 0x00000008 pushad 0x00000009 mov esi, 54F8575Fh 0x0000000e movzx ecx, bx 0x00000011 popad 0x00000012 mov ebp, esp 0x00000014 jmp 00007F54D04F5107h 0x00000019 push dword ptr [ebp+04h] 0x0000001c jmp 00007F54D04F5106h 0x00000021 push dword ptr [ebp+0Ch] 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F54D04F5107h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Special instruction interceptor: First address: 42183B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Special instruction interceptor: First address: 5A9969 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Special instruction interceptor: First address: 5CF53B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Special instruction interceptor: First address: 6238F4 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Code function: 0_2_00425039 rdtsc 0_2_00425039
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Window / User API: threadDelayed 1422
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Window / User API: threadDelayed 1410
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E_N60005\krnln.fnr
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E_N60005\dp1.fne
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E_N60005\eAPI.fne
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe API coverage: 7.6 %
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe TID: 7448 Thread sleep time: -102051s >= -30000s
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe TID: 7420 Thread sleep time: -2845422s >= -30000s
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe TID: 7428 Thread sleep time: -2821410s >= -30000s
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Code function: 0_2_100655A0 FindFirstFileA,FindClose,0_2_100655A0
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Code function: 0_2_10065610 FindFirstFileA,FindClose,0_2_10065610
Source: MysticThumbs4.2.0 Patch.exe, MysticThumbs4.2.0 Patch.exe, 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: MysticThumbs4.2.0 Patch.exe, 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exeProcess information queried: ProcessInformationJump to behavior

Anti Debugging

Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe File opened: NTICE
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe File opened: SICE
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe File opened: SIWVID
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Code function: 0_2_00425039 rdtsc 0_2_00425039
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Code function: 0_2_100D5263 GetModuleHandleA,LoadLibraryA,GetProcAddress,#17,#17,FreeLibrary,0_2_100D5263
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Code function: 0_2_1002D07F GetProcessHeap,0_2_1002D07F
Source: MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.0000000004B06000.00000004.00000020.00020000.00000000.sdmp, eAPI.fne.0.dr Binary or memory string: Shell_TrayWnd
Source: MysticThumbs4.2.0 Patch.exe, MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.0000000004B06000.00000004.00000020.00020000.00000000.sdmp, MysticThumbs4.2.0 Patch.exe, 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Progman
Source: MysticThumbs4.2.0 Patch.exe, 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmp, MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1321710760.0000000002560000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ProgmanSHELLDLL_DefViewSysListView32SystemRoot\Explorer.exekernel32.dllGetSystemWow64DirectoryA@00A83340010B000000002FE41F31300281C168151F31300200002FE481C10058CCBF894C240815FEF4FFFFA7C420FE89H
Source: MysticThumbs4.2.0 Patch.exe, 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: VProgram Managerh?
Source: MysticThumbs4.2.0 Patch.exe, MysticThumbs4.2.0 Patch.exe, 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: VProgram Manager
Source: eAPI.fne.0.drBinary or memory string: *.*index.datdesktop.ini..\*.*-%luS-1-%luSet cdaudio door closed waitSet cdaudio door open waitGlobalMemoryStatusExKernel32.dll %1%s\shell\%s\command.%s%s\shell\%s%c:%C:%s\%s.lnkSoftware\Microsoft\Windows\CurrentVersion\Run\HistoryLastTermTypeLastServiceLastMachineTermType%dService%dSoftware\Microsoft\TelnetMachine%dSoftware\Microsoft\Windows\CurrentVersion\Explorer\RecentDocsSoftware\Microsoft\Windows\CurrentVersion\Explorer\RunMRUSoftware\Microsoft\RAS Autodial\AddressesSoftware\Microsoft\Internet Explorer\IntelliForms\e161255a-37c3-11d2-bcaa-00c04fd929db\Data\Data\e161255a-37c3-11d2-bcaa-00c04fd929dbSoftware\Microsoft\Protected Storage System Provider\Software\Microsoft\Internet Explorer\TypedURLsntdllNtQuerySystemInformationPerfStats\StopStatPerfStats\StatDataKERNEL\CPUUsagePerfStats\StartStat%s\%sbmpicldllexeicoUntitledSOFTWARE\Microsoft\Internet Explorerx86 Family %s Model %s Stepping %s%08X-%08X-%08X-%08X\StringFileInfo\%s\Comments\StringFileInfo\%s\ProductVersion\StringFileInfo\%s\ProductName\StringFileInfo\%s\OriginalFilename\StringFileInfo\%s\LegalTrademarks\StringFileInfo\%s\LegalCopyright\StringFileInfo\%s\InternalName\StringFileInfo\%s\FileDescription\StringFileInfo\%s\CompanyName\StringFileInfo\%s\FileVersion040904E4000%x, \VarFileInfo\TranslationZwUnmapViewOfSectionZwMapViewOfSectionZwOpenSectionntdll.dll\device\physicalmemory\%s%s\%s\%s.lnkExecHotIconIconButtonTextDefault VisibleYesCLSID{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}Software\Microsoft\Internet Explorer\Extensions\{%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}Software\Microsoft\Internet Explorer\Extensions\%sSoftware\Microsoft\Internet Explorer\ExtensionsExt + Alt + Shift + Ctrl + %s,%d%s.lnk.lnkwindowsdevice,,,GetDefaultPrinterAwinspool.drvSetDefaultPrinterATileWallpaperWallpaperStyleWallpaperControl Panel\DesktopShell_TrayWndProgmanRundll32 netplwiz.dll,UsersRunDllrundll32.exe shell32.dll,Control_RunDLL Inetcpl.cpl,,rundll32.exe 
shell32.dll,Control_RunDLL intl.cpl,,rundll32.exe shell32.dll,Control_RunDLL powercfg.cplrundll32.exe shell32.dll,Control_RunDLL odbccp32.cplrundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,rundll32.exe shell32.dll,Control_RunDLL main.cpl @1,rundll32.exe shell32.dll,Control_RunDLL main.cpl @0,rundll32.exe shell32.dll,Control_RunDLL joy.cpl,,rundll32.exe shell32.dll,SHHelpShortcuts_RunDLL FontsFolderrundll32.exe shell32.dll,Control_RunDLL timedate.cpl,,rundll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,rundll32.exe shell32.dll,SHHelpShortcuts_RunDLL AddPrinterrundll32.exe shell32.dll,Control_RunDLL access.cpl,,rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,%s%drundll32.exe shell32.dll,Control_RunDLL sysdm.cpl,,rundll32.exe shell32.dll,Control_RunDLLSetLayeredWindowAttributesUSER32.DLLDISPLAYMicrosoft Internet ExplorerMSInfo32.exeMSInfoSoftware\Microsoft\Shared Tools LocationPathSoftware\Microsoft\Shared Tools\MSInfoIsHungThreadIsHungAppWindowUser32
Source: C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe Code function: 0_2_100DDF5A GetVersion,GetProcessVersion,LoadCursorA,LoadCursorA,LoadCursorA,0_2_100DDF5A
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | 1 Input Capture | 751 Security Software Discovery | Remote Services | 1 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 24 Virtualization/Sandbox Evasion | LSASS Memory | 24 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 11 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 4 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 12 Software Packing | Cached Domain Credentials | 24 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery

Source | Detection | Scanner | Label
MysticThumbs4.2.0 Patch.exe | 73% | ReversingLabs | Win32.Trojan.Strictor
MysticThumbs4.2.0 Patch.exe | 100% | Avira | TR/Crypt.CFI.Gen
MysticThumbs4.2.0 Patch.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\E_N60005\dp1.fne | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\E_N60005\eAPI.fne | 13% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\E_N60005\krnln.fnr | 36% | ReversingLabs | Win32.PUA.FlyStudio
No Antivirus matches
No Antivirus matches
No Antivirus matches
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://www.eyuyan.com | MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.0000000004B06000.00000004.00000020.00020000.00000000.sdmp, MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.0000000004AE6000.00000004.00000020.00020000.00000000.sdmp, dp1.fne.0.dr, eAPI.fne.0.dr | false | | unknown
http://dywt.com.cn/RSATool2v14.rar | MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.0000000004AE6000.00000004.00000020.00020000.00000000.sdmp, dp1.fne.0.dr | false | | unknown
http://www.baidu.com | MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.0000000004B06000.00000004.00000020.00020000.00000000.sdmp, eAPI.fne.0.dr | false | | unknown
http://www.baidu.comtest | MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.0000000004B06000.00000004.00000020.00020000.00000000.sdmp, eAPI.fne.0.dr | false | | unknown
http://www.eyuyan.comDVarFileInfo$ | MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.0000000004B01000.00000004.00000020.00020000.00000000.sdmp, dp1.fne.0.dr | false | | unknown
http://www.52pojie.cn/ | MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1321710760.0000000002560000.00000004.00001000.00020000.00000000.sdmp | false | | unknown
http://www.eyuyan.comservice | MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.0000000004B06000.00000004.00000020.00020000.00000000.sdmp, MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.0000000004AE6000.00000004.00000020.00020000.00000000.sdmp, dp1.fne.0.dr, eAPI.fne.0.dr | false | | unknown
http://dywt.com.cn | MysticThumbs4.2.0 Patch.exe, 00000000.00000002.3767180830.000000001010D000.00000008.00000001.01000000.00000005.sdmp, MysticThumbs4.2.0 Patch.exe, 00000000.00000003.1322941486.00000000049AB000.00000004.00000020.00020000.00000000.sdmp, krnln.fnr.0.dr | false | | unknown
No contacted IP infos

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1544637
Start date and time:2024-10-29 15:55:37 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 8m 24s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:9
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:MysticThumbs4.2.0 Patch.exe
Detection:MAL
Classification:mal100.evad.winEXE@1/3@0/0
EGA Information:
• Successful, ratio: 100%
HCA Information:Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• VT rate limit hit for: MysticThumbs4.2.0 Patch.exe

Time | Type | Description
12:11:17 | API Interceptor | 10683684x Sleep call for process: MysticThumbs4.2.0 Patch.exe modified

No context
No context
No context
No context
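Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\E_N60005\eAPI.fne | AIBIJIAO 15.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\E_N60005\eAPI.fne | buding.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\E_N60005\eAPI.fne | SecuriteInfo.com.FileRepMalware.20949.22734.exe | malicious | BlackMoon
C:\Users\user\AppData\Local\Temp\E_N60005\eAPI.fne | kDTGTVIHAr.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\E_N60005\eAPI.fne | buding.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\E_N60005\eAPI.fne | S2fUTvz2L6.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\E_N60005\eAPI.fne | vfKkwM2QFU.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\E_N60005\eAPI.fne | 86DQaQW0wx.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\E_N60005\eAPI.fne | G9NCnBiMys.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\E_N60005\eAPI.fne | YLficQaO6S.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\E_N60005\dp1.fne | AIBIJIAO 15.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\E_N60005\dp1.fne | buding.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\E_N60005\dp1.fne | SecuriteInfo.com.FileRepMalware.20949.22734.exe | malicious | BlackMoon
C:\Users\user\AppData\Local\Temp\E_N60005\dp1.fne | kDTGTVIHAr.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\E_N60005\dp1.fne | buding.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\E_N60005\dp1.fne | S2fUTvz2L6.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\E_N60005\dp1.fne | vfKkwM2QFU.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\E_N60005\dp1.fne | 86DQaQW0wx.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\E_N60005\dp1.fne | G9NCnBiMys.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\E_N60005\dp1.fne | YLficQaO6S.exe | malicious | Unknown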

Process:C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):131072
Entropy (8bit):5.964541965095613
Encrypted:false
SSDEEP:1536:tiDSn+hfeTpCwAncpZ6Z8HTiQjl1sYiKG3oe/:UDTReTgwAcp9lqKG3o
MD5:07201B1FD5F8925DD49A4556AC3B5BAB
SHA1:A76AFBB44376912F823F2B461507C28D2585A96C
SHA-256:ABEBBB0981D3D51EB63ABCFA68BE98DA0CAE4E6E3B143DD431FC845D1457DBD2
SHA-512:0CF673CE1B6CAD38F0211231E876F00F6A8397A5F3E71680046F4A216BBE0F47F4541E5F5B49364310E41A04CCE14703459725C3D9F052F9DA13624E73753E12
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: AIBIJIAO 15.exe, Detection: malicious, Browse
• Filename: buding.exe, Detection: malicious, Browse
• Filename: SecuriteInfo.com.FileRepMalware.20949.22734.exe, Detection: malicious, Browse
• Filename: kDTGTVIHAr.exe, Detection: malicious, Browse
• Filename: buding.exe, Detection: malicious, Browse
• Filename: S2fUTvz2L6.exe, Detection: malicious, Browse
• Filename: vfKkwM2QFU.exe, Detection: malicious, Browse
• Filename: 86DQaQW0wx.exe, Detection: malicious, Browse
• Filename: G9NCnBiMys.exe, Detection: malicious, Browse
• Filename: YLficQaO6S.exe, Detection: malicious, Browse
Reputation:moderate, very likely benign file

Process:C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:modified
Size (bytes):315392
Entropy (8bit):6.3266193682979415
Encrypted:false
SSDEEP:6144:yE+ULyjYsLavN8JFhOyccPT8oV2wQfRayWjG:yoWRVXUyhIoIwQ4VG
MD5:7C1FF88991F5EAFAB82B1BEAEFC33A42
SHA1:5EA338434C4C070AAF4E4E3952B4B08B551267BC
SHA-256:53483523C316AD8C022C2B07A5CABFFF3339BC5CB5E4AC24C3260EEA4F4D9731
SHA-512:310C90C82B545160420375C940B4D6176400E977F74048BFE2E0D0784BC167B361DC7AAC149B8379F6E24050A253F321A6606295414EA9B68A563D59D0D17A48
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 13%
Joe Sandbox View:
• Filename: AIBIJIAO 15.exe, Detection: malicious, Browse
• Filename: buding.exe, Detection: malicious, Browse
• Filename: SecuriteInfo.com.FileRepMalware.20949.22734.exe, Detection: malicious, Browse
• Filename: kDTGTVIHAr.exe, Detection: malicious, Browse
• Filename: buding.exe, Detection: malicious, Browse
• Filename: S2fUTvz2L6.exe, Detection: malicious, Browse
• Filename: vfKkwM2QFU.exe, Detection: malicious, Browse
• Filename: 86DQaQW0wx.exe, Detection: malicious, Browse
• Filename: G9NCnBiMys.exe, Detection: malicious, Browse
• Filename: YLficQaO6S.exe, Detection: malicious, Browse
Reputation:moderate, very likely benign file

Process:C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1290240
Entropy (8bit):6.506000162022637
Encrypted:false
SSDEEP:24576:zSgLnl5lfDNttzmkh03mQYDiglaadmzrWHwM12S:mUZDpp037ScuHwM12S
MD5:B3B09F4A3A6704000C3A0C6ACC825E9D
SHA1:46625C56A8D8E5BC1862D9322C803D01CDD535B8
SHA-256:0F45C6E1779F17FEB4C0652605E24BFB4DD0A5DA6A0642850D0B6B38579A5EFE
SHA-512:CD89874828CB5445C3C6EA6FDED77C280557D78001A08E45F47D78A147DBE93E0E90F4AFA8370F1C95CE6EFA6AD38E8C8D94E9E895024C89100378312166DBD0
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 36%
Reputation:low

File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):7.967263678844268
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:MysticThumbs4.2.0 Patch.exe
File size:2'422'974 bytes
MD5:204728b183383e9e064ccb65fba64408
SHA1:d8b1b2bd56de42db44013e23d84e3aacdee202db
SHA256:4639a785aa9db39e1823df53c9c25195d41bcbcc05245d068058b64512f1bcff
SHA512:f18ba0b8a2f0785b0e5ab0090cbe7918f4db5619c5ee9c2ce6ad1b4828b1696934e1a05835c2f8346e6589b9858fb2a7caef734be5427d2f1f905960e6772e49
SSDEEP:49152:MO9igDAIUUmigufifR3BcKLx/yQFLmCC4GiFvGfPhtMsj:9UgDgigufeR3BcKNKQFLS6MJSW
TLSH:57B533D0270A1239CF6C64303905D1E75E96983E3DF2EB1CD840BD6B726D885678AFAD
Icon Hash:9eb3c18c2ceea99a
Entrypoint:0x7fe000
Entrypoint Section:ulosnzww
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:0x59BFFA3 [Mon Dec 25 05:33:23 1972 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:baa93d47220682c04d92f7797d9224ce

Instruction
push esi
push eax
push ebx
call 00007F54D0B690D6h
int3
pop eax
mov ebx, eax
inc eax
sub eax, 0017A000h
sub eax, 04A4B0ACh
add eax, 04A4B0A3h
cmp byte ptr [ebx], FFFFFFCCh
jne 00007F54D0B690EBh
mov byte ptr [ebx], 00000000h
mov ebx, 00001000h
push 55A4EC80h
push 740573DFh
push ebx
push eax
call 00007F54D0B690DFh
add eax, 00000000h
mov dword ptr [esp+08h], eax
pop ebx
pop eax
ret
push ebp
mov ebp, esp
push eax
push ebx
push ecx
push esi
mov esi, dword ptr [ebp+08h]
mov ecx, dword ptr [ebp+0Ch]
                                                          shr ecx, 02h
                                                          mov eax, dword ptr [ebp+10h]
                                                          mov ebx, dword ptr [ebp+14h]
                                                          test ecx, ecx
                                                          je 00007F54D0B690DCh
                                                          xor dword ptr [esi], eax
                                                          add dword ptr [esi], ebx
                                                          add esi, 04h
                                                          dec ecx
                                                          jmp 00007F54D0B690C4h
                                                          pop esi
                                                          pop ecx
                                                          pop ebx
                                                          pop eax
                                                          leave
                                                          retn 0010h
                                                          and dword ptr [esp+ebx+4Ah], 798BD309h
                                                          dec ebx
                                                          mov cl, 2Fh
                                                          mov eax, dword ptr [E96A9187h]
                                                          adc eax, dword ptr [A584FA88h]
                                                          lodsb
                                                          pop ecx
                                                          xlatb
                                                          or byte ptr [edx+5Ah], al
                                                          test eax, B7A328CDh
                                                          mov al, B1h
                                                          jno 00007F54D0B69072h
                                                          xor al, E7h
                                                          jbe 00007F54D0B69092h
                                                          imul esp, dword ptr [edi+1Ah], 45h
                                                          adc bh, byte ptr [edx]
                                                          xchg dword ptr [edi+edx-478D94A6h], ebp
                                                          pop ss
                                                          jp 00007F54D0B690F9h
                                                          and al, BAh
                                                          Programming Language:
                                                          • [C++] VS98 (6.0) build 8168
                                                          • [ C ] VS98 (6.0) build 8168
                                                          Name | Virtual Address | Virtual Size | Is in Section
                                                          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1d06d | 0x95 | .idata
                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1b000 | 0x10f8 | .rsrc
                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                           | 0x1000 | 0x1a000 | 0x9000 | 347e8c1d4791201e7f6643fd3c232ecb | False | 0.8973795572916666 | data | 7.769714016837807 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                          .rsrc | 0x1b000 | 0x10f8 | 0x1000 | 7e08e18e97b9ae20b54fc81334b9aad3 | False | 0.40234375 | data | 3.8594140165341244 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                          .idata | 0x1d000 | 0x1000 | 0x1000 | 0afc4378833f2daeea673fe7ff72d283 | False | 0.027099609375 | data | 0.2209580149541892 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                           | 0x1e000 | 0x266000 | 0x1000 | 4fbc43991c7159d216a3b8c322400332 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                          awewbyhg | 0x284000 | 0x17a000 | 0x17a000 | be20e9cf3c6a0c39741337f090dc177b | False | 0.9923244254298942 | data | 7.951787681950419 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                          ulosnzww | 0x3fe000 | 0x1000 | 0x1000 | 0dd2087ab7da28f046fc9f7296872db8 | False | 0.0732421875 | data | 0.7373397302001756 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                          RT_ICON | 0x3fce58 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Chinese | China | 0.3885135135135135
                                                          RT_ICON | 0x3fcf80 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Chinese | China | 0.33198924731182794
                                                          RT_ICON | 0x3fd268 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | Chinese | China | 0.22378048780487805
                                                          RT_GROUP_ICON | 0x3fd8d0 | 0x30 | data | Chinese | China | 0.9166666666666666
                                                          RT_VERSION | 0x3fd900 | 0x2f0 | SysEx File - IDP | Chinese | China | 0.5212765957446809
                                                          RT_MANIFEST | 0x3fdbf0 | 0x1cd | XML 1.0 document, ASCII text, with very long lines (461), with no line terminators | Chinese | China | 0.5878524945770065
                                                          DLL | Import
                                                          kernel32.dll | lstrcpy
                                                          comctl32.dll | InitCommonControls
                                                          Language of compilation system | Country where language is spoken | Map
                                                          Chinese | China |
                                                          No network behavior found


                                                          Target ID:0
                                                          Start time:10:56:35
                                                          Start date:29/10/2024
                                                          Path:C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\MysticThumbs4.2.0 Patch.exe"
                                                          Imagebase:0x400000
                                                          File size:2'422'974 bytes
                                                          MD5 hash:204728B183383E9E064CCB65FBA64408
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:low
                                                          Has exited:false


                                                            Execution Graph

                                                            Execution Coverage:0.8%
                                                            Dynamic/Decrypted Code Coverage:0%
                                                            Signature Coverage:1.4%
                                                            Total number of Nodes:492
                                                            Total number of Limit Nodes:33

                                                            Control-flow Graph

                                                            APIs
                                                            • GetVersion.KERNEL32(?,?,?,100DDF55), ref: 100DDFD1
                                                            • GetProcessVersion.KERNEL32(00000000,?,?,?,100DDF55), ref: 100DE00E
                                                            • LoadCursorA.USER32(00000000,00007F02), ref: 100DE03C
                                                            • LoadCursorA.USER32(00000000,00007F00), ref: 100DE047
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            • Associated: 00000000.00000002.3766496737.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3766855195.00000000100E7000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767015664.0000000010106000.00000008.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767056101.000000001010B000.00000004.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767180830.000000001010D000.00000008.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767225182.0000000010117000.00000004.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767396037.0000000010125000.00000004.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767538355.000000001012A000.00000002.00000001.01000000.00000005.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: CursorLoadVersion$Process
                                                            • String ID:
                                                            • API String ID: 2246821583-0
                                                            APIs
                                                            • GetProcessHeap.KERNEL32 ref: 1002D08B
                                                              • Part of subcall function 1005F160: VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 1005F1A5
                                                              • Part of subcall function 1005F160: OleInitialize.OLE32(00000000), ref: 1005F26A
                                                              • Part of subcall function 1005F160: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,?,00000000), ref: 1005F288
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: AllocFileHeapInitializeModuleNameProcessVirtual
                                                            • String ID:
                                                            • API String ID: 144324537-0

                                                            Control-flow Graph

                                                            APIs
                                                            • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0040117D
                                                            • SetFilePointer.KERNEL32(00000000,000000F8,00000000,00000002), ref: 004011A2
                                                            • ReadFile.KERNEL32(00000000,?,00000008,?,00000000), ref: 004011C1
                                                            • SetFilePointer.KERNEL32(00000000,?,00000000,00000002), ref: 0040121E
                                                            • ReadFile.KERNEL32(00000000,?,?,?,00000000), ref: 00401236
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: File$PointerRead$Create
                                                            • String ID: Can't open file!$Can't retrieve the temporary directory!$E_N%X$Error$Failed to decompress data!$Failed to load kernel library!$Failed to read data from the file!$Failed to read file or invalid data in file!$GetNewSock$Insufficient memory!$Invalid data in the file!$Not found the kernel library!$The interface of kernel library is invalid!$The kernel library is invalid!$krnln.fne$krnln.fnr
                                                            • API String ID: 2716178264-4149602642
                                                            APIs
                                                            • VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 1005F1A5
                                                            • OleInitialize.OLE32(00000000), ref: 1005F26A
                                                            • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,?,00000000), ref: 1005F288
                                                            • SetCurrentDirectoryA.KERNEL32(?,00000000,?,?,?,00000000), ref: 1005F2E8
                                                            • GetCurrentDirectoryA.KERNEL32(00000104,00000000,00000000,?,?,?,00000000), ref: 1005F2FC
                                                            • LoadCursorA.USER32(00000000,00007F00), ref: 1005F380
                                                            • GetStockObject.GDI32(00000005), ref: 1005F399
                                                            • GetCurrentThreadId.KERNEL32 ref: 1005F3C3
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: Current$Directory$AllocCursorFileInitializeLoadModuleNameObjectStockThreadVirtual
                                                            • String ID: @reloc1$_EL_HideOwner$cominf$export$import$mp3$odbcdb
                                                            • API String ID: 3744444048-582641313

                                                            Control-flow Graph

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: Window$Parent$ActiveCallbackChildDispatcherEnabledFocusUserVisible
                                                            • String ID:
                                                            • API String ID: 416498738-0

                                                            Control-flow Graph

                                                            APIs
                                                              • Part of subcall function 100D99B6: __EH_prolog.LIBCMT ref: 100D99BB
                                                              • Part of subcall function 100D99B6: BeginPaint.USER32(?,?,?,?,10002745), ref: 100D99E4
                                                              • Part of subcall function 100D9567: GetClipBox.GDI32(?,?), ref: 100D956E
                                                            • IsRectEmpty.USER32(?), ref: 100354F7
                                                            • GetClientRect.USER32(?,?), ref: 1003550F
                                                            • InflateRect.USER32(?,?,?), ref: 100355CD
                                                            • IntersectRect.USER32(?,?,?), ref: 10035637
                                                            • CreateRectRgn.GDI32(?,?,?,?), ref: 10035651
                                                            • FillRgn.GDI32(?,?,?), ref: 10035810
                                                            • GetCurrentObject.GDI32(?,00000006), ref: 1003588F
                                                              • Part of subcall function 100D910E: GetStockObject.GDI32(?), ref: 100D9117
                                                              • Part of subcall function 100D910E: SelectObject.GDI32(?,00000000), ref: 100D9131
                                                              • Part of subcall function 100D910E: SelectObject.GDI32(?,00000000), ref: 100D913C
                                                            • OffsetRect.USER32(?,00000001,00000001), ref: 1003596D
                                                            • OffsetRect.USER32(?,00000002,00000002), ref: 10035A01
                                                            • OffsetRect.USER32(?,00000001,00000001), ref: 100359B4
                                                              • Part of subcall function 100D92DE: SetTextColor.GDI32(?,?), ref: 100D92F8
                                                              • Part of subcall function 100D92DE: SetTextColor.GDI32(?,?), ref: 100D9306
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: Rect$Object$Offset$ColorSelectText$BeginClientClipCreateCurrentEmptyFillH_prologInflateIntersectPaintStock
                                                            • String ID:
                                                            • API String ID: 4264835570-0

                                                            Control-flow Graph

                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(10127A70,10127A8C,00000100,?,10127A54,10127A54,100DCF67,?,00000100,100DD3BC,100DC583,100D8A77,00000100,100D8A10,1002DBFA,?), ref: 100DCB9A
                                                            • GlobalAlloc.KERNEL32(00002002,00000000,1002DBFA,?,10127A54,10127A54,100DCF67,?,00000100,100DD3BC,100DC583,100D8A77,00000100,100D8A10,1002DBFA,?), ref: 100DCBEF
                                                            • GlobalHandle.KERNEL32(00BBFE28), ref: 100DCBF8
                                                            • GlobalUnlock.KERNEL32(00000000), ref: 100DCC01
                                                            • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 100DCC13
                                                            • GlobalHandle.KERNEL32(00BBFE28), ref: 100DCC2A
                                                            • GlobalLock.KERNEL32(00000000), ref: 100DCC31
                                                            • LeaveCriticalSection.KERNEL32(1002DBFA,?,10127A54,10127A54,100DCF67,?,00000100,100DD3BC,100DC583,100D8A77,00000100,100D8A10,1002DBFA,?,00000100), ref: 100DCC37
                                                            • GlobalLock.KERNEL32(?), ref: 100DCC46
                                                            • LeaveCriticalSection.KERNEL32(?,?,?), ref: 100DCC8F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
                                                            • String ID:
                                                            • API String ID: 2667261700-0
                                                            • Opcode ID: 5f5b30f765181527e08078d1af162f873cfc47d7198157d6886770e9b064e1b5
                                                            • Instruction ID: 40b90e58071d6a3d79048941c96e3d507aa40b2e37cc937fcebf0343487bc2a7
                                                            • Opcode Fuzzy Hash: 5f5b30f765181527e08078d1af162f873cfc47d7198157d6886770e9b064e1b5
                                                            • Instruction Fuzzy Hash: E9317C7560070A9FE724CF28DCC9E2AB7E9FB44600B00492EF95AD77A1E771F9048B20

                                                            Control-flow Graph

                                                            APIs
                                                            • CreateSolidBrush.GDI32(00000000), ref: 10030C88
                                                            • SendMessageA.USER32(?,000000C5,?,00000000), ref: 10030D19
                                                            • SendMessageA.USER32(?,000000CC,?,00000000), ref: 10030D31
                                                            • SendMessageA.USER32(?,00000465,00000000,?), ref: 10030DFB
                                                            • SendMessageA.USER32(?,000000B1,?,?), ref: 10030E38
                                                            • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 10030E47
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$BrushCreateSolid
                                                            • String ID: EDIT$msctls_updown32
                                                            • API String ID: 943060551-1401569126
                                                            • Opcode ID: f92c980adadbd37b466f81361f6022394a21a35292fbd635b70332f5804c188d
                                                            • Instruction ID: 12fcdbebfcf41e95d843acdbb885b9638131a67d56811639f08d63909bfe40c7
                                                            • Opcode Fuzzy Hash: f92c980adadbd37b466f81361f6022394a21a35292fbd635b70332f5804c188d
                                                            • Instruction Fuzzy Hash: E991CD71711B059FE225DB24CCA1B6BB3E5FB84B81F108A1CF696DB280EA74F804CB51

                                                            Control-flow Graph

                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a9ee71fa06b3c1d751082bc8c4a761130b86757b03684ca8de3b5e3e7279fc9a
                                                            • Instruction ID: da2f6eb5d02900ec95320a1f81ac5c8054473925d0bf86443ecfd4925b408b74
                                                            • Opcode Fuzzy Hash: a9ee71fa06b3c1d751082bc8c4a761130b86757b03684ca8de3b5e3e7279fc9a
                                                            • Instruction Fuzzy Hash: 44B16978608741AFE714CF69C985B1BBBE6FB84784F508A2CF596872A0D770E841CB52

                                                            Control-flow Graph

                                                            APIs
                                                            • CreateSolidBrush.GDI32(00000000), ref: 100448DC
                                                            • DestroyCursor.USER32(?), ref: 1004497C
                                                            • SendMessageA.USER32(?,000000F7,00000000,?), ref: 10044A3B
                                                            • SendMessageA.USER32(?,000000F1,00000000,00000000), ref: 10044A56
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$BrushCreateCursorDestroySolid
                                                            • String ID: BUTTON
                                                            • API String ID: 2198832287-3405671355
                                                            • Opcode ID: 7cb346718ab92aaaaccb74288882632c8f5d98f5b5b6c6c5972e5c84d508531f
                                                            • Instruction ID: 052bcc7ada964f72c72f1f47eaa30166f03e6e6c00f835f6ac9e9968942e6215
                                                            • Opcode Fuzzy Hash: 7cb346718ab92aaaaccb74288882632c8f5d98f5b5b6c6c5972e5c84d508531f
                                                            • Instruction Fuzzy Hash: 15716AB5604785AFD224DF24C880A6BB7E9FB85740F224A2DF596C3780DF31BC449B66

                                                            Control-flow Graph

                                                            APIs
                                                            • GetSysColor.USER32(0000000F), ref: 1003855C
                                                            • DestroyCursor.USER32(?), ref: 100385BA
                                                            • SendMessageA.USER32(?,000000F7,00000001,?), ref: 1003865C
                                                            • SendMessageA.USER32(?,000000F7,00000000,?), ref: 1003868E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$ColorCursorDestroy
                                                            • String ID: BUTTON
                                                            • API String ID: 3592366650-3405671355
                                                            • Opcode ID: 3122c0b0c07d4d3111426e4f429b05d2fcf7442c121c89458a190b91ffbea7bf
                                                            • Instruction ID: 543509b7036a310bcd290bab038597feb6e82e1ff5de19bb3a3bdc7ec89054ec
                                                            • Opcode Fuzzy Hash: 3122c0b0c07d4d3111426e4f429b05d2fcf7442c121c89458a190b91ffbea7bf
                                                            • Instruction Fuzzy Hash: 8961BBB5604B459FD225CF24C880B6BB7E5FB88741F108A5EF9868B780CB35FA44CB52

                                                            Control-flow Graph

                                                            APIs
                                                            • GetTextExtentPoint32A.GDI32(?,1010CEFC,?,?), ref: 10030F11
                                                            • GetSystemMetrics.USER32(0000002E), ref: 10030F25
                                                            • GetWindowRect.USER32(?,?), ref: 10030F45
                                                            • GetStockObject.GDI32(00000011), ref: 10030F92
                                                            • SendMessageA.USER32(?,00000030,00000000,00000001), ref: 10030FA1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: ExtentMessageMetricsObjectPoint32RectSendStockSystemTextWindow
                                                            • String ID:
                                                            • API String ID: 3316701254-0
                                                            • Opcode ID: 0634753a3e013065764a70e751828d5788eb8e25cd1878a8dd561d9bfd69bc4b
                                                            • Instruction ID: d5c4b177d063f3e89dc55e9253188102e4cbb12afb0fd1c1030be55fbd573b05
                                                            • Opcode Fuzzy Hash: 0634753a3e013065764a70e751828d5788eb8e25cd1878a8dd561d9bfd69bc4b
                                                            • Instruction Fuzzy Hash: 0E418B35305345AFD325CF64CC95F6BB7A9EB88B51F004A2DF9829A6C1DB70E8058B61

                                                            Control-flow Graph

                                                            APIs
                                                              • Part of subcall function 100D9902: __EH_prolog.LIBCMT ref: 100D9907
                                                              • Part of subcall function 100D9902: GetWindowDC.USER32(?,?,?,10032271), ref: 100D9930
                                                            • GetClientRect.USER32 ref: 10032282
                                                            • GetWindowRect.USER32(?,?), ref: 10032291
                                                              • Part of subcall function 100D96BC: ScreenToClient.USER32(?,00000000), ref: 100D96D0
                                                              • Part of subcall function 100D96BC: ScreenToClient.USER32(?,00000008), ref: 100D96D9
                                                            • OffsetRect.USER32(?,?,?), ref: 100322BC
                                                              • Part of subcall function 100D95F9: ExcludeClipRect.GDI32(?,?,?,?,?,75A4A5C0,?,?,100322CC,?), ref: 100D961E
                                                              • Part of subcall function 100D95F9: ExcludeClipRect.GDI32(?,?,?,?,?,75A4A5C0,?,?,100322CC,?), ref: 100D9633
                                                            • OffsetRect.USER32(?,?,?), ref: 100322DF
                                                            • FillRect.USER32(?,?,?), ref: 100322FA
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: Rect$Client$ClipExcludeOffsetScreenWindow$FillH_prolog
                                                            • String ID:
                                                            • API String ID: 2829754061-0
                                                            • Opcode ID: 8219691b111bde79c9c350dea34ac985252108b3c6e1711e297a4abcdfc11501
                                                            • Instruction ID: 225b2db89725fb4d9924a53feebae1ec7185d039e0cb40a98f57770fefc98258
                                                            • Opcode Fuzzy Hash: 8219691b111bde79c9c350dea34ac985252108b3c6e1711e297a4abcdfc11501
                                                            • Instruction Fuzzy Hash: 1C316FB5208702AFD714DF54CC85EABB7E9FB88750F008A1DF59697290EB34E905CB62

                                                            Control-flow Graph

                                                            APIs
                                                            • SendMessageA.USER32(?,00000080,00000001,?), ref: 100B9A08
                                                            • SendMessageA.USER32(?,00000080,00000000,?), ref: 100B9A1A
                                                            • DestroyCursor.USER32(?), ref: 100B9A2D
                                                            • DestroyCursor.USER32(?), ref: 100B9A3A
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            • Associated: 00000000.00000002.3766496737.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3766855195.00000000100E7000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767015664.0000000010106000.00000008.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767056101.000000001010B000.00000004.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767180830.000000001010D000.00000008.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767225182.0000000010117000.00000004.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767396037.0000000010125000.00000004.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767538355.000000001012A000.00000002.00000001.01000000.00000005.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: CursorDestroyMessageSend
                                                            • String ID:
                                                            • API String ID: 3501257726-0
                                                            • Opcode ID: 431979b6c2fa26f4407c0268798862ba019ade29ac39c2557b4d80f0448d9b13
                                                            • Instruction ID: c24b4d7622d772c33e1ec6816293b0938eee46c7eb9908bddacc9d81959a7ab7
                                                            • Opcode Fuzzy Hash: 431979b6c2fa26f4407c0268798862ba019ade29ac39c2557b4d80f0448d9b13
                                                            • Instruction Fuzzy Hash: F03128B9604301AFE650DF69C881B9BB7E8EF84750F11882DF999D7240DA74E8498B62

                                                            Control-flow Graph

                                                            control_flow_graph 1028 10034580-100345b2 call 100d2947 1031 100345b4-100345bd call 10034ff0 1028->1031 1032 100345bf 1028->1032 1033 100345c1-100345cb 1031->1033 1032->1033 1035 100345cd-100345e1 call 100300a0 1033->1035 1036 100345ec-100345fd 1033->1036 1040 100345e3-100345e7 1035->1040 1041 10034600-1003467a GetStockObject LoadCursorA call 100166f0 call 100d33ea 1035->1041 1040->1036 1045 1003467f-10034682 1041->1045 1045->1036 1046 10034688-100346a6 call 10030190 1045->1046
                                                            APIs
                                                            • GetStockObject.GDI32(00000005), ref: 10034651
                                                            • LoadCursorA.USER32(00000000,00007F00), ref: 1003465F
                                                              • Part of subcall function 100166F0: GetClassInfoA.USER32(?,?,00000000), ref: 10016708
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: ClassCursorInfoLoadObjectStock
                                                            • String ID: _EL_Label
                                                            • API String ID: 1762135420-1571322718
                                                            • Opcode ID: c82c6cab5ff4252e9e2711e8f4877503cf4ce9b13da44b28377c1a3e10ec45a6
                                                            • Instruction ID: d323c76bb1ce05d97269fa73d20368e7aa30e2c60fcada5625d64f92ad92ed39
                                                            • Opcode Fuzzy Hash: c82c6cab5ff4252e9e2711e8f4877503cf4ce9b13da44b28377c1a3e10ec45a6
                                                            • Instruction Fuzzy Hash: 3D3150B5608750AFD315CB54CD51F6BB7E9EB88B10F004A1DF65A9B381DB71E800CB92

                                                            Control-flow Graph

                                                            control_flow_graph 1049 100c88bb-100c88cc 1050 100c88fe-100c8922 HeapAlloc 1049->1050 1051 100c88ce-100c88eb HeapReAlloc 1049->1051 1052 100c894e-100c8950 1050->1052 1053 100c8924-100c893c VirtualAlloc 1050->1053 1051->1052 1054 100c88ed-100c88f9 1051->1054 1057 100c8969-100c896b 1052->1057 1055 100c893e-100c8948 HeapFree 1053->1055 1056 100c8952-100c8967 1053->1056 1054->1050 1055->1052 1056->1057
                                                            APIs
                                                            • HeapReAlloc.KERNEL32(00000000,00000060,?,00000000,100C8683,?,1002DBFA,?,?,?,?,1002DBFA), ref: 100C88E3
                                                            • HeapAlloc.KERNEL32(00000008,000041C4,?,00000000,100C8683,?,1002DBFA,?,?,?,?,1002DBFA), ref: 100C8917
                                                            • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004,?,?,?,1002DBFA), ref: 100C8931
                                                            • HeapFree.KERNEL32(00000000,?,?,?,?,1002DBFA), ref: 100C8948
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: AllocHeap$FreeVirtual
                                                            • String ID:
                                                            • API String ID: 3499195154-0
                                                            • Opcode ID: fcd9434ad5611f7ecc88f8a7a36a1ebdc3c8d9d5b771d50306ef2a0825af9b61
                                                            • Instruction ID: ddd2fe67c24796400bd2108a1ebcf0cb35038f97b6b73837e39f70fd2d2f349c
                                                            • Opcode Fuzzy Hash: fcd9434ad5611f7ecc88f8a7a36a1ebdc3c8d9d5b771d50306ef2a0825af9b61
                                                            • Instruction Fuzzy Hash: F4115830201221AFE361CF28CCC4A26BBB2FB85B607204A1DF951D69F4D3759963CF10

                                                            Control-flow Graph

                                                            control_flow_graph 1058 1005adf0-1005ae03 1059 1005ae07-1005ae0b 1058->1059 1060 1005ae11 1059->1060 1061 1005aecf-1005aed6 1059->1061 1064 1005ae14-1005ae21 PeekMessageA 1060->1064 1062 1005aede-1005aee7 1061->1062 1063 1005aed8-1005aedc 1061->1063 1065 1005af25-1005af2c 1062->1065 1070 1005aee9-1005aeec 1062->1070 1063->1062 1063->1065 1064->1061 1066 1005ae27-1005ae31 1064->1066 1068 1005ae33-1005ae3a 1066->1068 1069 1005ae9b-1005aeb0 1066->1069 1071 1005ae3d-1005ae4f IsWindow 1068->1071 1078 1005aeb6-1005aebb 1069->1078 1079 1005aeb2 1069->1079 1074 1005aef6-1005af03 1070->1074 1075 1005aeee-1005aef4 1070->1075 1072 1005ae51-1005ae7b call 1002fcd0 * 3 1071->1072 1073 1005ae7d-1005ae90 1071->1073 1086 1005ae93-1005ae97 1072->1086 1073->1086 1087 1005af05-1005af0d 1074->1087 1088 1005af11-1005af1e PeekMessageA 1074->1088 1075->1065 1075->1074 1080 1005aec5-1005aec9 1078->1080 1081 1005aebd-1005aec3 1078->1081 1079->1078 1080->1061 1080->1064 1081->1065 1081->1080 1086->1071 1090 1005ae99 1086->1090 1087->1088 1088->1061 1091 1005af20 1088->1091 1090->1069 1091->1059
                                                            APIs
                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1005AE19
                                                            • IsWindow.USER32 ref: 1005AE47
                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1005AF16
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: MessagePeek$Window
                                                            • String ID:
                                                            • API String ID: 1210580970-0
                                                            • Opcode ID: cdafd16826a48511c6883348caf3208c316ea4b4b829eaad63342daabf586cef
                                                            • Instruction ID: 9dae0aa471d8733822b65b3b55a8155760e7a30608375bb3c0b267dacf6e5c79
                                                            • Opcode Fuzzy Hash: cdafd16826a48511c6883348caf3208c316ea4b4b829eaad63342daabf586cef
                                                            • Instruction Fuzzy Hash: 173199B0600746AFD704DF24D989AAAB3A8FF82388F41052DE91587240DB30ED98CBA1
                                                            APIs
                                                            • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 100D8677
                                                            • TranslateMessage.USER32(?), ref: 100D8697
                                                            • DispatchMessageA.USER32(?), ref: 100D869E
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: Message$CallbackDispatchDispatcherTranslateUser
                                                            • String ID:
                                                            • API String ID: 2960505505-0
                                                            • Opcode ID: 465337bc4e7441c8396b8517d83d5f901d981b1828035bdec411c9adb934383a
                                                            • Instruction ID: f9ac55d5fc1a5635f52a377fca97f3afcd10061687f542783c3a299d734fa2f7
                                                            • Opcode Fuzzy Hash: 465337bc4e7441c8396b8517d83d5f901d981b1828035bdec411c9adb934383a
                                                            • Instruction Fuzzy Hash: 13E06532210B10ABE7599B249D88E7B77ECFF81B15702041EF406E2110CBA0ED828B72
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6856e8b7fe38099eb951b4fa48d293cb9e080b00d347cd141b919da375ed64d9
                                                            • Instruction ID: 3725bc302bbb3f02bd379c04e66bbef7cf1acd0b6387c804cb52495424cdeda4
                                                            • Opcode Fuzzy Hash: 6856e8b7fe38099eb951b4fa48d293cb9e080b00d347cd141b919da375ed64d9
                                                            • Instruction Fuzzy Hash: 092148B26007008FE320DF69E8C4A57B7E8EB946A5B51C83EE25AC7610E7B0E815CB54
                                                            APIs
                                                            • SetErrorMode.KERNEL32(00000000,00000000,100BE43A,?,00000000,101190D0,00000000,?,?,?,?,100C3250,?,?,?,?), ref: 100DDB91
                                                            • SetErrorMode.KERNEL32(00000000,?,100C3250,?,?,?,?,?,?), ref: 100DDB98
                                                              • Part of subcall function 100DDBEB: GetModuleFileNameA.KERNEL32(?,?,00000104,?,?,00000000), ref: 100DDC1C
                                                              • Part of subcall function 100DDBEB: lstrcpyA.KERNEL32(?,.HLP,?,?,00000104), ref: 100DDCBD
                                                              • Part of subcall function 100DDBEB: lstrcatA.KERNEL32(?,.INI,?,?,00000104), ref: 100DDCEA
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: ErrorMode$FileModuleNamelstrcatlstrcpy
                                                            • String ID:
                                                            • API String ID: 3389432936-0
                                                            • Opcode ID: 61028724dee990ca65887f639e363b2c657dc50ac41eedae0882f148fe939ac9
                                                            • Instruction ID: 9cbcaa9030dc41891025957b67f095ad4fcce985c32686264edeb471aa701697
                                                            • Opcode Fuzzy Hash: 61028724dee990ca65887f639e363b2c657dc50ac41eedae0882f148fe939ac9
                                                            • Instruction Fuzzy Hash: 8CF01478A183148FD704FF249484A497BE8EF44720F02848FF4889B3A2CB74E840CBA6
                                                            APIs
                                                            • LoadImageA.USER32(?,?,00000001,00000020,00000020,00000000), ref: 10016F3B
                                                            • LoadImageA.USER32(?,?,00000001,00000010,00000010,00000000), ref: 10016F4D
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: ImageLoad
                                                            • String ID:
                                                            • API String ID: 306446377-0
                                                            • Opcode ID: 659ad1ec8312bdff9250c80655e1c6396206715f11fdacef03847fef429f0a28
                                                            • Instruction ID: f59d96354761f58654d1bdb249ffd3bc1dde527a4d33eb92542b8359f81687a2
                                                            • Opcode Fuzzy Hash: 659ad1ec8312bdff9250c80655e1c6396206715f11fdacef03847fef429f0a28
                                                            • Instruction Fuzzy Hash: ACE0ED7234131177E620CE5A8C85F9BF7A9FBCDB10F100819B344AB1D1C2F1A4458765
                                                            APIs
                                                            • DefWindowProcA.USER32(?,?,?,?), ref: 100D374D
                                                            • CallWindowProcA.USER32(?,?,?,?,?), ref: 100D3762
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: ProcWindow$Call
                                                            • String ID:
                                                            • API String ID: 2316559721-0
                                                            • Opcode ID: 90088b4145dba50adca1c8250522833e62f83420ee25ac31dccb6919a057c477
                                                            • Instruction ID: 0e6c7fe48e73f8c8f521b7fae512a59ca2067d32e4c78f63b006de82a2da0c4c
                                                            • Opcode Fuzzy Hash: 90088b4145dba50adca1c8250522833e62f83420ee25ac31dccb6919a057c477
                                                            • Instruction Fuzzy Hash: 24F01C76104B05FFDB219F94DC84D9A7BF9FF083A1B048419FA49D6120E732D820EB50
                                                            APIs
                                                              • Part of subcall function 100DCF33: TlsGetValue.KERNEL32(10127A54,?,00000100,100DD3BC,100DC583,100D8A77,00000100,100D8A10,1002DBFA,?,00000100,?,?), ref: 100DCF72
                                                            • GetCurrentThreadId.KERNEL32 ref: 100D337E
                                                            • SetWindowsHookExA.USER32(00000005,100D3166,00000000,00000000), ref: 100D338E
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Similarity
                                                            • API ID: CurrentHookThreadValueWindows
                                                            APIs
                                                            • HeapCreate.KERNEL32(00000000,00001000,00000000,100C3146,00000001), ref: 100C817E
                                                              • Part of subcall function 100C821E: HeapAlloc.KERNEL32(00000000,00000140,100C8192), ref: 100C822B
                                                            • HeapDestroy.KERNEL32 ref: 100C819C
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Similarity
                                                            • API ID: Heap$AllocCreateDestroy
                                                            APIs
                                                            • __EH_prolog.LIBCMT ref: 100D2CEE
                                                              • Part of subcall function 100DCF33: TlsGetValue.KERNEL32(10127A54,?,00000100,100DD3BC,100DC583,100D8A77,00000100,100D8A10,1002DBFA,?,00000100,?,?), ref: 100DCF72
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Similarity
                                                            • API ID: H_prologValue
                                                            APIs
                                                            • CreateWindowExA.USER32(00000000,00000080,1005F3C3,?,?,?,?,?,?,?,?,?), ref: 100D3488
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Similarity
                                                            • API ID: CreateWindow
                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(00000008,?,?,?,?,004032D4,?,?), ref: 004037FA
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            APIs
                                                              • Part of subcall function 100D99B6: __EH_prolog.LIBCMT ref: 100D99BB
                                                              • Part of subcall function 100D99B6: BeginPaint.USER32(?,?,?,?,10002745), ref: 100D99E4
                                                              • Part of subcall function 100D9567: GetClipBox.GDI32(?,?), ref: 100D956E
                                                            • IsRectEmpty.USER32(?), ref: 100BBCC0
                                                              • Part of subcall function 100BB7E0: CreateRectRgn.GDI32(?,?,?,?), ref: 100BB82E
                                                              • Part of subcall function 100BB7E0: GetClientRect.USER32(?,?), ref: 100BB8C9
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Similarity
                                                            • API ID: Rect$BeginClientClipCreateEmptyH_prologPaint
                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(00000000,1002DBEB,?,?,100C12B6,000000E0,100C12A3,1002DBFA,100D2953,?,00000200,?,100D5F55,?,00000000,?), ref: 100C1317
                                                              • Part of subcall function 100C4E31: InitializeCriticalSection.KERNEL32(00000000,?,1002DBFA,?,100C12E7,00000009,?,?,100C12B6,000000E0,100C12A3,1002DBFA,100D2953,?,00000200,?), ref: 100C4E6E
                                                              • Part of subcall function 100C4E31: EnterCriticalSection.KERNEL32(1002DBFA,1002DBFA,?,100C12E7,00000009,?,?,100C12B6,000000E0,100C12A3,1002DBFA,100D2953,?,00000200,?,100D5F55), ref: 100C4E89
                                                              • Part of subcall function 100C4E92: LeaveCriticalSection.KERNEL32(?,100C1623,00000009,1002DBFA,100C4E7D,00000000,?,1002DBFA,?,100C12E7,00000009,?,?,100C12B6,000000E0,100C12A3), ref: 100C4E9F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Similarity
                                                            • API ID: CriticalSection$AllocateEnterHeapInitializeLeave
                                                            APIs
                                                            • RtlFreeHeap.NTDLL(00000000,?,04780302,004033E9,?,004014F9,?), ref: 00403859
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            Similarity
                                                            • API ID: FreeHeap
                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(00000000,?,04780302,004039C2,000000E0,00403476,?,00000001,00401204,?), ref: 00403A0D
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            APIs
                                                            • HeapCreate.KERNEL32(00000000,00001000,00000000,004038C0,00000000), ref: 00403AA4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            Similarity
                                                            • API ID: CreateHeap
                                                            APIs
                                                            • LoadStringA.USER32(?,?,?,?), ref: 100D8A88
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            Similarity
                                                            • API ID: LoadString
                                                            • String ID:
                                                            • API String ID: 2948472770-0
                                                            • Opcode ID: d6ebab5691ec44b41086f2cbc25e29acdeb2f0da90d6367dff4aed0a956ca8f4
                                                            • Instruction ID: 34b76f84070b84c76719ee1338c87b89d97dc7100dad44a8f380fd285eb82fe5
                                                            • Opcode Fuzzy Hash: d6ebab5691ec44b41086f2cbc25e29acdeb2f0da90d6367dff4aed0a956ca8f4
                                                            • Instruction Fuzzy Hash: 1CD052B61093A29FC601EF608808C8BBBA8BF44220B058C0AF68492211C320D8188B62
                                                            APIs
                                                            • SetWindowTextA.USER32(?,?), ref: 100D5797
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            • Associated: 00000000.00000002.3766496737.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3766855195.00000000100E7000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767015664.0000000010106000.00000008.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767056101.000000001010B000.00000004.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767180830.000000001010D000.00000008.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767225182.0000000010117000.00000004.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767396037.0000000010125000.00000004.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767538355.000000001012A000.00000002.00000001.01000000.00000005.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: TextWindow
                                                            • String ID:
                                                            • API String ID: 530164218-0
                                                            • Opcode ID: 0c9c9e286f8b777106ea2d375c71e3ba5341fce82e5bf976b4634c9ff17a3198
                                                            • Instruction ID: d7d30056572169ef9aef5972426933969659e5f71b0ac926094f9a5838561dfb
                                                            • Opcode Fuzzy Hash: 0c9c9e286f8b777106ea2d375c71e3ba5341fce82e5bf976b4634c9ff17a3198
                                                            • Instruction Fuzzy Hash: 01D09E35204301DFCB458F60D984A0977B1FF84705B308568E44A86125D732CC12EF10
                                                            APIs
                                                            • ShowWindow.USER32(?,00000004,100D510E,00000001), ref: 100D5869
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            • Associated: 00000000.00000002.3766496737.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3766855195.00000000100E7000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767015664.0000000010106000.00000008.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767056101.000000001010B000.00000004.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767180830.000000001010D000.00000008.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767225182.0000000010117000.00000004.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767396037.0000000010125000.00000004.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767538355.000000001012A000.00000002.00000001.01000000.00000005.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: ShowWindow
                                                            • String ID:
                                                            • API String ID: 1268545403-0
                                                            • Opcode ID: dc23159a952870bcdcbfb9672c56b562de49497a4264a320328712d2864854bd
                                                            • Instruction ID: 150f2e6d1cc6b042ecc4876e375c77fcd0602d78264c8b9501d9c5e800063a48
                                                            • Opcode Fuzzy Hash: dc23159a952870bcdcbfb9672c56b562de49497a4264a320328712d2864854bd
                                                            • Instruction Fuzzy Hash: C2D09E356043019FDB059F60C984A0977A2FF94745B308578E84596121D732CC12FF51
                                                            APIs
                                                            • DrawTextA.USER32(?,?,?,?,?), ref: 100BE96B
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            • Associated: 00000000.00000002.3766496737.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3766855195.00000000100E7000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767015664.0000000010106000.00000008.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767056101.000000001010B000.00000004.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767180830.000000001010D000.00000008.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767225182.0000000010117000.00000004.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767396037.0000000010125000.00000004.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767538355.000000001012A000.00000002.00000001.01000000.00000005.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: DrawText
                                                            • String ID:
                                                            • API String ID: 2175133113-0
                                                            • Opcode ID: 79f682b8773a1051081b6a75c676b8a57a35d0b5468a10dfb18656d55a05305c
                                                            • Instruction ID: ae58cc1966c2e5dc40d8cc4825660c1b478d9c1c7501d38c2bd95c9e5b74703d
                                                            • Opcode Fuzzy Hash: 79f682b8773a1051081b6a75c676b8a57a35d0b5468a10dfb18656d55a05305c
                                                            • Instruction Fuzzy Hash: 64C00132008382ABCB02CF80CD4482ABEA2BB88304F188C0CF2A500071C3238029EF42
                                                            APIs
                                                            • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 004041E2
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            • Opcode ID: 07bb825ab5768df0b5a3716daf0f9ca9f228b1b1e3761df92b4ade8e915f68d0
                                                            • Instruction ID: ad0c493158d7c2d0ceee1674d33339a1b813a81400a31e9c781b1d1ce690ce74
                                                            • Opcode Fuzzy Hash: 07bb825ab5768df0b5a3716daf0f9ca9f228b1b1e3761df92b4ade8e915f68d0
                                                            • Instruction Fuzzy Hash: 27118F702106029BD730DF28EE8592677B6FB857A07105A7EE295E62E4CF709852CB18
                                                            APIs
                                                            • HeapAlloc.KERNEL32(00000008,00000000,00000000,00000000,?,100C5836,00000001,00000074,?,100C7E73,?,?,?,100C78EB,100C1662,00000000), ref: 100C30EF
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3766658023.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                            • Associated: 00000000.00000002.3766496737.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3766855195.00000000100E7000.00000002.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767015664.0000000010106000.00000008.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767056101.000000001010B000.00000004.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767180830.000000001010D000.00000008.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767225182.0000000010117000.00000004.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767396037.0000000010125000.00000004.00000001.01000000.00000005.sdmp
                                                            • Associated: 00000000.00000002.3767538355.000000001012A000.00000002.00000001.01000000.00000005.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_10000000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID: AllocHeap
                                                            • String ID:
                                                            • API String ID: 4292702814-0
                                                            • Opcode ID: 6c6faaf13a1e35f7ef838ddd567d6dbc33f114c3740b21e5947188e732ffd618
                                                            • Instruction ID: 5e150a100dcb64ca8b9a832bb8721e81f5bc752abed3bbaf48e67ecfaca7d0ac
                                                            • Opcode Fuzzy Hash: 6c6faaf13a1e35f7ef838ddd567d6dbc33f114c3740b21e5947188e732ffd618
                                                            • Instruction Fuzzy Hash: 35014C37A206202BE621D5241F82B9F7385EBD06F4F2B81A5FE54671D1DB715E0146A2
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: !I?_$"5Hd$&Mq2$4{~$UC?${uz$ zv$Kj}
                                                            • API String ID: 0-4061121986
                                                            • Opcode ID: 809d2fce2b3e6e1bc403977b6d61f630f2916124cb08476145a00a696543e10a
                                                            • Instruction ID: 95ca2d2a384bc86654f416181e8f18c7bfa3cfc552b0339b61fad4ace45aa65e
                                                            • Opcode Fuzzy Hash: 809d2fce2b3e6e1bc403977b6d61f630f2916124cb08476145a00a696543e10a
                                                            • Instruction Fuzzy Hash: AFB2F3F36082009FE304AF2DDC8567ABBE9EF94320F1A493DE6C5C7744EA3598458697
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $$,$3$5$Z$j$q
                                                            • API String ID: 0-1863017803
                                                            • Opcode ID: 6c8e7b0cf79f4b09cd373e232ffcd0cc5bea04780cac75abca5fa864298ee7e9
                                                            • Instruction ID: 06de64ac5be137c74aef3afc9a079232a37c8dbf23c9e44eed97793d830a5a13
                                                            • Opcode Fuzzy Hash: 6c8e7b0cf79f4b09cd373e232ffcd0cc5bea04780cac75abca5fa864298ee7e9
                                                            • Instruction Fuzzy Hash: 6C127EA3F6182507FB990478CD293B6598397A1324F2F827A8F5A6B7C6DC7E4D490384
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: &f>{$)s{z$,9_$A)|k$Hcr$LL_f
                                                            • API String ID: 0-2982918187
                                                            • Opcode ID: a0fb81c7981574789208ff814f5ed864c68bbe5c548bd917e2a9a2383a9d83fc
                                                            • Instruction ID: e1f44b1756c12a164574bfad923e61edd0e98311476e41baa4924ab4f4e6ce87
                                                            • Opcode Fuzzy Hash: a0fb81c7981574789208ff814f5ed864c68bbe5c548bd917e2a9a2383a9d83fc
                                                            • Instruction Fuzzy Hash: 5EB25CF3A0C204AFE3046E2DEC8567AFBE9EBD4360F1A453DEAC5C3744E93558058696
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $$,$3$5$Z$j
                                                            • API String ID: 0-2081343230
                                                            • Opcode ID: 50aa8a06c81eb371b43bd8c253cfaac4db8dfe31c4f687dd048b5209791d1536
                                                            • Instruction ID: a9820bfec0ddfb6ab68202c8012e9ab3a479cbe5fea92c04e469420933cf262f
                                                            • Opcode Fuzzy Hash: 50aa8a06c81eb371b43bd8c253cfaac4db8dfe31c4f687dd048b5209791d1536
                                                            • Instruction Fuzzy Hash: D3E15EA3F5182507FBA90468C9293B6594387A1365F2F827E8F5B6B7C6DC6E4C4903C8
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Pbo~$m0?$n"W$~vo?$7C
                                                            • API String ID: 0-2121080142
                                                            • Opcode ID: 99e088dff90c871eef5c614f3fa77b152c06f113b5bb73452cfadd2e99d2c8e4
                                                            • Instruction ID: bde41b7baf79cf69dd1bd35edf2d32a760c5a1a43e5069d83c1ad3681ba567b3
                                                            • Opcode Fuzzy Hash: 99e088dff90c871eef5c614f3fa77b152c06f113b5bb73452cfadd2e99d2c8e4
                                                            • Instruction Fuzzy Hash: D3B23AF3608304AFE304AE2DEC85A7BFBD9EF94620F1A493DE6C4C3744E97559058692
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: w-Ec
                                                            • API String ID: 0-3196852520
                                                            • Opcode ID: af02f1e7db1fd1eff692890495bb0fbff0bb3a31ba93aad6e3a437a41a6ca3a2
                                                            • Instruction ID: d2e83a5c8b0a21d337a63773cdb6164b30794ac08e0e948d001d9eabe53a090d
                                                            • Opcode Fuzzy Hash: af02f1e7db1fd1eff692890495bb0fbff0bb3a31ba93aad6e3a437a41a6ca3a2
                                                            • Instruction Fuzzy Hash: F1C199B3F5122547F3840939CC983A26683DBD4324F2F82398F599B7C9D8BE9C0A5384
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: BZ7
                                                            • API String ID: 0-2695383049
                                                            • Opcode ID: 27501856ca3c316059136aee7cea6aec3347312269e9927f7a5a12c9f31169cb
                                                            • Instruction ID: 0ed0fc19e89c82a7fecf7e686f4bcb3f9c87a0908efac786958b963ccbd5db13
                                                            • Opcode Fuzzy Hash: 27501856ca3c316059136aee7cea6aec3347312269e9927f7a5a12c9f31169cb
                                                            • Instruction Fuzzy Hash: E5A19BB3E1013547F3544E68CC98361A692EB94320F2F82798E8C7B7C4E97E6D0A93C4
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: P[J\
                                                            • API String ID: 0-3807095743
                                                            • Opcode ID: 2ac021b1ae46af6609b76c5bd2a89da307aca7227cb5bddaf1d303a154e79867
                                                            • Instruction ID: 96cbd1160c71ea94d82e7a3d9c7642266497cf5f49dd64c9ec1b4dfe73eca0b7
                                                            • Opcode Fuzzy Hash: 2ac021b1ae46af6609b76c5bd2a89da307aca7227cb5bddaf1d303a154e79867
                                                            • Instruction Fuzzy Hash: A4A16AF7F1162447F3844929CC583626283DBE5325F2F82788F696B7C9D87E5D0A4388
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: s7bU
                                                            • API String ID: 0-891326245
                                                            • Opcode ID: 217caef1d35bf27c81d1d64af9e820355afcec74c3b9d69753b2304d7ab2e9bc
                                                            • Instruction ID: 7b20e6709543c592847ab6102e6d1e789c8b6a12e6944b5308963d91b2f5b84b
                                                            • Opcode Fuzzy Hash: 217caef1d35bf27c81d1d64af9e820355afcec74c3b9d69753b2304d7ab2e9bc
                                                            • Instruction Fuzzy Hash: ACA1ACB3F216254BF3444938CC983A17693DBD4324F3F42788A18AB7C6D97E9D0A9384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 480fb88eda68add053f4e7b0d859122a8c0f31700e497918da509e3b81c3d138
                                                            • Instruction ID: 1a5cd798c8688f7f0945e6265a05b639aa601621200629ee25f5a25b1c8382f3
                                                            • Opcode Fuzzy Hash: 480fb88eda68add053f4e7b0d859122a8c0f31700e497918da509e3b81c3d138
                                                            • Instruction Fuzzy Hash: 23E1B5B3F156614BF3454938CC643627B92DB96310F2F82BACA98EB7D6D87D4C094385
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b467a48aa8ce8b29de03921b6d8dcec387a95f3a306938d55f239130ce9b7c2c
                                                            • Instruction ID: b97a6e8c6c204c9cac7144c09457c95fc4dc593e609639c954ace0cf113d0e6e
                                                            • Opcode Fuzzy Hash: b467a48aa8ce8b29de03921b6d8dcec387a95f3a306938d55f239130ce9b7c2c
                                                            • Instruction Fuzzy Hash: 82C19CF3F1122147F3584969CCA83656682EBD5320F2F82798F596BBC9EC7E1D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9f83419661f66e7066c63cc27c569091eb97bd963451e8bc101c605050903dc7
                                                            • Instruction ID: 990c302aa02694b4365227587dce0cfc5e3ca7dd3b61ffeaf17b1bc30c810ec3
                                                            • Opcode Fuzzy Hash: 9f83419661f66e7066c63cc27c569091eb97bd963451e8bc101c605050903dc7
                                                            • Instruction Fuzzy Hash: 77C19EF3F2162547F3944928CC953A26283DB95324F2F82798F58AB7C5E87EDD0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 400a97e9bc3ed8e426ed91ede1bf78feca51c9a184e33a4860033cf65b1903e7
                                                            • Instruction ID: b71d50b3e64dfe32881ac67dbb2ae3a00c0c202dc71d7dad215a4b90b8d1bbb8
                                                            • Opcode Fuzzy Hash: 400a97e9bc3ed8e426ed91ede1bf78feca51c9a184e33a4860033cf65b1903e7
                                                            • Instruction Fuzzy Hash: 37C16AF3F116154BF3984978CC983A26583DBD0314F2F82388F59AB7C9E87E9D0A5284
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e6e7c9743290059bf1b63efd7e59d504c17ce03b0ad4adf153b4072ee562a463
                                                            • Instruction ID: 1d68b5c98f36ae4bb289a7cfab1f693a7bc8e4bb2db8060caef516305b02af8d
                                                            • Opcode Fuzzy Hash: e6e7c9743290059bf1b63efd7e59d504c17ce03b0ad4adf153b4072ee562a463
                                                            • Instruction Fuzzy Hash: E9C16AB3F1111687F3444E29CCA43626683EBD5324F3F82788B595BBC9D93E9D0A9384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: db765f7762cbd7aef66ec4c826269d2c159465186db4e0946dc48c3d178db968
                                                            • Instruction ID: 1a36b1ae7763cb779e9439f76f1f86df02ea748cd6eacd90d2d4d3a215b96a90
                                                            • Opcode Fuzzy Hash: db765f7762cbd7aef66ec4c826269d2c159465186db4e0946dc48c3d178db968
                                                            • Instruction Fuzzy Hash: 7DC16AF3F516154BF3444879DD9836265839BE5324F3F82388B989B7CAD8BE9C0A4284
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 742dc2d2b5e49d9327fee68c609ee5e9f860122170d75e53915a43e0b7a2e134
                                                            • Instruction ID: 59fe8f0fadb84affb62888ad0ee96a9d1d4f9be0174f8415ab5cd9cf09c0a02b
                                                            • Opcode Fuzzy Hash: 742dc2d2b5e49d9327fee68c609ee5e9f860122170d75e53915a43e0b7a2e134
                                                            • Instruction Fuzzy Hash: 68C16AF3F116254BF3844938DC983622643DBA5324F2F82788F59AB7C9D87E9D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 93c8a54c3d0efe5f558f3b6514eeb62a1b5ab7eb4c856974afefea9e2e13a10a
                                                            • Instruction ID: 67c332c07d1e51e3a46d05f7e9ee6733e57f3145bd2f91b6141c288cfea8988f
                                                            • Opcode Fuzzy Hash: 93c8a54c3d0efe5f558f3b6514eeb62a1b5ab7eb4c856974afefea9e2e13a10a
                                                            • Instruction Fuzzy Hash: 88C18BB3F1122547F3580928CC983A27693DBE5314F2F82788F996B7C9D87E5C0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b7adbb8de28222f4fa6195754f456a54d0121636e9a482c06a5397a03c9b009b
                                                            • Instruction ID: b024770b15b36ab0e21d2569af517cb910c0eabfc39f1e2a2716399e8b97c67e
                                                            • Opcode Fuzzy Hash: b7adbb8de28222f4fa6195754f456a54d0121636e9a482c06a5397a03c9b009b
                                                            • Instruction Fuzzy Hash: 30C19CB3F1122147F3544978DD983A2A6829B95320F2F82798E5CBBBC5D87E5D0A53C4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 07aea8ab6a88a23402b200b151dd49de8a098cbda59469b1c558184388eb17cc
                                                            • Instruction ID: 4ca20d336e3adfd6924bd3062da4ae4256e9af148c274420f59c6a09122b2fea
                                                            • Opcode Fuzzy Hash: 07aea8ab6a88a23402b200b151dd49de8a098cbda59469b1c558184388eb17cc
                                                            • Instruction Fuzzy Hash: C3C189B3F1122547F3584D29CCA83B26643EBD5320F2F82798A5A9B7C5DC7E9D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b63ff7a34aff70a667b97fdf7d0cafeea78f7244b6f96e1ee359ca10afb0c25a
                                                            • Instruction ID: b449d79c8ad17aa3f9ec1e6f628f6eb59b6732fccbbcac48b4d890508fbb4f12
                                                            • Opcode Fuzzy Hash: b63ff7a34aff70a667b97fdf7d0cafeea78f7244b6f96e1ee359ca10afb0c25a
                                                            • Instruction Fuzzy Hash: 22C1ACF3F616254BF3844978CC983626683DBD5324F2F82788E58AB7C9D87E5D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4104ddc5ff06425ea40dafc00e98e95811a9f9f6ab1283db6a2c9262be0ceefd
                                                            • Instruction ID: 603a3f3038afd24b612f743692d4e69de968f630100a26ce9b5d1d28dd0354e0
                                                            • Opcode Fuzzy Hash: 4104ddc5ff06425ea40dafc00e98e95811a9f9f6ab1283db6a2c9262be0ceefd
                                                            • Instruction Fuzzy Hash: 4DC17CB3F102254BF3544978DC98362A682DB95324F2F82788F9CAB7C5D9BE5D0A53C4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 491b3250217eb2397cc2892eb46363c605dca609ba0cf09a71e41f4fb9722f4c
                                                            • Instruction ID: bfd94afe4406ae3e0cc0bcc598978be0b4728f8c1324d8e0c792bcfedc48a49b
                                                            • Opcode Fuzzy Hash: 491b3250217eb2397cc2892eb46363c605dca609ba0cf09a71e41f4fb9722f4c
                                                            • Instruction Fuzzy Hash: 89B1DDF3F502254BF3504969DC883A22283DBD5320F2F82798E586BBC5D87E9D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4d6ca09502e6e6905134be360b593bae462c907d35abf022b5ba16fbcfcefd39
                                                            • Instruction ID: 26652103f6557255a176a2e780429c92928c15c7f72b8b6a5fc52fad452b5e94
                                                            • Opcode Fuzzy Hash: 4d6ca09502e6e6905134be360b593bae462c907d35abf022b5ba16fbcfcefd39
                                                            • Instruction Fuzzy Hash: 65B16BB3F112254BF3904979CD8835262839BD5324F2F82798E5CABBC9D87E9D0A53C4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e476f624d8fded555978c7ddb943b7f1b9050209cd5f0d2ec667bc32e1452f42
                                                            • Instruction ID: 8bd90c22c81bbbada4a842572ee8f65ff18d88c7dec7505fbfb0c5acc35d9ab3
                                                            • Opcode Fuzzy Hash: e476f624d8fded555978c7ddb943b7f1b9050209cd5f0d2ec667bc32e1452f42
                                                            • Instruction Fuzzy Hash: B4B159F3F1162547F3844878DC983A16683A795324F2F82788EA8AB7C5DC7E9D0A53C4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7a1b1b5384a3842ac41b405ba7e4b91b9ebbcac60d5d3d0946fbc3a7fc461edc
                                                            • Instruction ID: 8a07bb40bf6ff51a760849c1bcb35ff686fc2a075f46b62acdd66fe95c19dd2f
                                                            • Opcode Fuzzy Hash: 7a1b1b5384a3842ac41b405ba7e4b91b9ebbcac60d5d3d0946fbc3a7fc461edc
                                                            • Instruction Fuzzy Hash: B6B189F3F2112547F3484839DC583A2658397E1325F2F82398F59ABBC9EC7E9D0A5284
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c26f0826ed1564da4ac9024e75578cf82c61eb02eb394d270954cbfdd76b6d77
                                                            • Instruction ID: 757e55a12bd8aff92addb11880e5f6254cee402fa79df0728d4b351a43171b9e
                                                            • Opcode Fuzzy Hash: c26f0826ed1564da4ac9024e75578cf82c61eb02eb394d270954cbfdd76b6d77
                                                            • Instruction Fuzzy Hash: 17B158B3F1122547F3484978CDA83626683DBD5314F2B82788F5A6BBC9DC7E9D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 79ad5fd8ba2af1ef7e7bee17b587c98a13ed5859b6860290569eab5bdee113f6
                                                            • Instruction ID: 100e1f4d46c2b16215e9ea8fe4f43a00cdd6134b4b76a3c19a0343ee31c0b0d4
                                                            • Opcode Fuzzy Hash: 79ad5fd8ba2af1ef7e7bee17b587c98a13ed5859b6860290569eab5bdee113f6
                                                            • Instruction Fuzzy Hash: 5CB158F3F516354BF3584868CC943A165429BA5324F2F82788F5CBB7C5E8BE5C0A12C8
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e3521dda1061b7e370f32258c3ec045f1d722631a5ba2fe27bfae69e1dcd79bf
                                                            • Instruction ID: 4136ecbdcf957ef7c737acdb649fb7c37f7be18f75c76c08892c77a3c361e1a8
                                                            • Opcode Fuzzy Hash: e3521dda1061b7e370f32258c3ec045f1d722631a5ba2fe27bfae69e1dcd79bf
                                                            • Instruction Fuzzy Hash: E1B17BF7F616214BF3444839DD98362658397E5325F2F82788E58ABBC9DC7E8D0A4384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d9cc443579db2bd2f51f411268bdc9715bffbf1ab0f0a972cfdddaa5ed2f56a7
                                                            • Instruction ID: 8c774d2495e55e2a7a656efed817241c7a719dce2e78036353f5acb6219bdc63
                                                            • Opcode Fuzzy Hash: d9cc443579db2bd2f51f411268bdc9715bffbf1ab0f0a972cfdddaa5ed2f56a7
                                                            • Instruction Fuzzy Hash: 6CB19EB3F5062447F3584939CDA83666583DBD5320F2F82798B89ABBC9DC7E5C0A4384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4b391a5562bb4d6ffddde82e09e931194978eb76f0481536361ccecd371fee0d
                                                            • Instruction ID: f26efc45f6db189a0c3e860ba79a6e11768c3d8f314649d92e4dae77f8422f3a
                                                            • Opcode Fuzzy Hash: 4b391a5562bb4d6ffddde82e09e931194978eb76f0481536361ccecd371fee0d
                                                            • Instruction Fuzzy Hash: E5B189B7F102254BF3884929CCA83A27683DBD5324F2F817D8B59AB7C5D87E5D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bca0f3f7eb9da33233179924990158dcae66a8475b6f8ea6585e8db96fb03a11
                                                            • Instruction ID: 17c9b7b69350610bb45e4f0292c555ead872bb5783ac25780018fc8ea3d2e8d3
                                                            • Opcode Fuzzy Hash: bca0f3f7eb9da33233179924990158dcae66a8475b6f8ea6585e8db96fb03a11
                                                            • Instruction Fuzzy Hash: A3B149B3F112254BF3944939CC9836266839BD9320F2F82798F9CAB7C5D97E5D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 39ad8055dfd64f4102b9c6dfff02904ffcbb0adddd97c324bfbcaedfb509310c
                                                            • Instruction ID: f569eb2836abd713030e96205b71273a14277328f765b35315dfbfd636e8c786
                                                            • Opcode Fuzzy Hash: 39ad8055dfd64f4102b9c6dfff02904ffcbb0adddd97c324bfbcaedfb509310c
                                                            • Instruction Fuzzy Hash: 87B167F3E1063547F39449B8CD98362A6929B95324F2F82788E5CBBBC8D87E5D0953C4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a52eabd5e053f39b3a69f4efafdfde1ae81650516bbafd27415a8631bcf37627
                                                            • Instruction ID: 138aaf45f1aaf87d708fcfd31f78ef595ce110320b562a6eb34af3a139a196fc
                                                            • Opcode Fuzzy Hash: a52eabd5e053f39b3a69f4efafdfde1ae81650516bbafd27415a8631bcf37627
                                                            • Instruction Fuzzy Hash: A4B16AB7F112254BF3484968CCA83A26682E7D1324F2F82798F596B7C5ED7E5C0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c4a246f4fa3c5f92cfb64a294916c626686f058d80c0c78f77e838f0214c6257
                                                            • Instruction ID: c678a250bef75b8e6f931210d1d665fc1986d7edbe2df7a2d80e380c9beb6a6b
                                                            • Opcode Fuzzy Hash: c4a246f4fa3c5f92cfb64a294916c626686f058d80c0c78f77e838f0214c6257
                                                            • Instruction Fuzzy Hash: 85B17BF7F115260BF344893ACC9436265839BD5324F2FC2798A58AB7C9EC7E9C0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 122e25b4b102c9247f4c0983aa249312560efa030a1553e5fb67edaf79650854
                                                            • Instruction ID: e37f8abe1b5e5f4c09f984c35ee215eb910ceb800f0e72f3437bb7b5d49b5365
                                                            • Opcode Fuzzy Hash: 122e25b4b102c9247f4c0983aa249312560efa030a1553e5fb67edaf79650854
                                                            • Instruction Fuzzy Hash: 39B18AF3F1162507F3984868DD9936265829B95324F2F82798E5DAB7C5DC7E8C0A43C4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7734e3bb85e4216e2f30496795aad90fe3e1f32af3846b3f1c2e975835199414
                                                            • Instruction ID: 19dc059418c8a2888418c4a3427a4332d224949243201eb892b3479226b0a23d
                                                            • Opcode Fuzzy Hash: 7734e3bb85e4216e2f30496795aad90fe3e1f32af3846b3f1c2e975835199414
                                                            • Instruction Fuzzy Hash: 4EB18EB3F111258BF3404E69CC843627692EBD5310F2F8279CE58AB7C9D97E9D0A9784
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7875351b7bf00ae8c22b92a443dd049cc9bcf6ee8aecf39e8b2dd59598516b8c
                                                            • Instruction ID: 841c2479b1d119b31a22dd23f3fb5eb6d2fa12978e39f3315e3d45ce0e9edd0e
                                                            • Opcode Fuzzy Hash: 7875351b7bf00ae8c22b92a443dd049cc9bcf6ee8aecf39e8b2dd59598516b8c
                                                            • Instruction Fuzzy Hash: BCB1ABF3F1152547F3444939DC983A22582D795324F2F82788F58ABBC9E87E9D0A53C8
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6cef94d4df32f7819bb6c4171478a6a6d1caf0e42bf5cdddba0a7f8b95997d5c
                                                            • Instruction ID: 54e132abf471013a67eca0617bd05926f2796e57e4aca6adac858b203e00e022
                                                            • Opcode Fuzzy Hash: 6cef94d4df32f7819bb6c4171478a6a6d1caf0e42bf5cdddba0a7f8b95997d5c
                                                            • Instruction Fuzzy Hash: 43B178B3E1153547F3A44979CC983A2A6829BD0320F3F82798E9C7B7C5D87E5D0A52C8
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 826bed7422dcd52890548a64b544b0ea0afe3afa703a7ace3576914933eb6ffe
                                                            • Instruction ID: aa367de5ce0b9d54d6c119dd27acf7f6236acbeb4800f0c4f609156f8cb2f54e
                                                            • Opcode Fuzzy Hash: 826bed7422dcd52890548a64b544b0ea0afe3afa703a7ace3576914933eb6ffe
                                                            • Instruction Fuzzy Hash: C9B149B3F1162547F3884839CC643A66683DBD5321F2F82798E5A6BBC9DC7E5C0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c13842368216bbeeba73bbb06801b3550f54e3410678c26a715bc5f829c645cf
                                                            • Instruction ID: b48e3a99bd81fd63790bc1667a0857bf3cdb157f23867f331c8fc17f4d8d47b1
                                                            • Opcode Fuzzy Hash: c13842368216bbeeba73bbb06801b3550f54e3410678c26a715bc5f829c645cf
                                                            • Instruction Fuzzy Hash: CCB19AB3F616254BF3944879DC983A26182DBD5320F2F82798E5CAB7C5DC7E9C0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d4a2d6d0124725b7227b86094d172013881ee3d1042629f0813c93999e9b91b9
                                                            • Instruction ID: 5afe6c89e6da680e088e84ef2f20961826142fc5d68e5fe6324c0b2ded5a8efa
                                                            • Opcode Fuzzy Hash: d4a2d6d0124725b7227b86094d172013881ee3d1042629f0813c93999e9b91b9
                                                            • Instruction Fuzzy Hash: 84B19FF3F1162547F3500968DC983A266839BE4324F3F82798E5C6B7C6D97E9D0A5388
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0716c59e3331138c666dd7557e721cbb556ce2ae009a90df77d8becb9aff7df4
                                                            • Instruction ID: 411537e40b95e0fca9e007e9e6ad4d0014c0156b00acc02e8f03977625a810a1
                                                            • Opcode Fuzzy Hash: 0716c59e3331138c666dd7557e721cbb556ce2ae009a90df77d8becb9aff7df4
                                                            • Instruction Fuzzy Hash: 28B198B3F216254BF3544D78CC9836266839BD5324F2F82788F586B7C9D87E9D0A5388
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 15cbab4c90feabd00a08a89b62d364e9062820eccdb3af44af693219848a17de
                                                            • Instruction ID: 902b8fab980fb68200b11e5d41b9e618f17e23a477721e9178c1507eec670734
                                                            • Opcode Fuzzy Hash: 15cbab4c90feabd00a08a89b62d364e9062820eccdb3af44af693219848a17de
                                                            • Instruction Fuzzy Hash: 8BB18FB3F112254BF3404D69CC983627693DBD5320F2B82788B58AB7C9D97E9D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmp
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f2d560dedda6c84b53163d61ca5e7eac2871882967c110754d69f6cfc579b4ff
                                                            • Instruction ID: 845854d8877fc23d75e1cb3d21ff9dca030f379d8a26758f016c7b6f5383b28a
                                                            • Opcode Fuzzy Hash: f2d560dedda6c84b53163d61ca5e7eac2871882967c110754d69f6cfc579b4ff
                                                            • Instruction Fuzzy Hash: 9FA1BCB3F116254BF3440968CCA43A26683DBD2324F3F82788E68AB7D4DC7E5D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c710fad5a9133845a2eeda299a81ebbb927c055de4228196a0c736a3a825fb5c
                                                            • Instruction ID: 2d2d9acd961822da3f85913bf76e236f3105262a60165052f116d89a0f9b54a9
                                                            • Opcode Fuzzy Hash: c710fad5a9133845a2eeda299a81ebbb927c055de4228196a0c736a3a825fb5c
                                                            • Instruction Fuzzy Hash: 95A17AF3F1162107F3944879DD9836266839BD5325F2F82798F98AB7C9C87D8D0A4384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 40b18ed4dfb1a4c73e3cce96060df9e5e512fd3d7a31bfd384db3b9e08d8117b
                                                            • Instruction ID: b5b73671b82b4e1f87f5c14bf5af77e01108c38defb2ecbd2f460f3210967ce3
                                                            • Opcode Fuzzy Hash: 40b18ed4dfb1a4c73e3cce96060df9e5e512fd3d7a31bfd384db3b9e08d8117b
                                                            • Instruction Fuzzy Hash: 6AA168B3F112254BF3440D28DCA83A26683EBD9324F2F42798B586B7C5D97E9D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 705d54b2e0c150bee2c7873c1eea3ffee124cae3bcf5ad19da839d74640fa869
                                                            • Instruction ID: e187e7bf409b2a4baf3bb1f289420116e9a95d5b959e34e9fcd0f867ab8a9306
                                                            • Opcode Fuzzy Hash: 705d54b2e0c150bee2c7873c1eea3ffee124cae3bcf5ad19da839d74640fa869
                                                            • Instruction Fuzzy Hash: 20A18CF7F112254BF3844938CD683A26683DBD5314F2F82798A896B7C9DC7E5D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0b24f0e39462ba503898692ad73894c5cb56adb07df791ef8d5b2ecc7210394f
                                                            • Instruction ID: fa5251b92c29653c336c670ce93f31dd1eb91af30ec0f351ab42f432d5d504cc
                                                            • Opcode Fuzzy Hash: 0b24f0e39462ba503898692ad73894c5cb56adb07df791ef8d5b2ecc7210394f
                                                            • Instruction Fuzzy Hash: BFA19DB3F216244BF3844928DC983A13293DBDA324F2F4279CA589BBD5D97D9D0A9344
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 06779afd59136dfb5b955f07c93005cf247b09807ef4f704f500269e728350f7
                                                            • Instruction ID: 6f9108861942e60eeff84a1c8791497f5af69db3d449e538b2dad2e3c39ad487
                                                            • Opcode Fuzzy Hash: 06779afd59136dfb5b955f07c93005cf247b09807ef4f704f500269e728350f7
                                                            • Instruction Fuzzy Hash: 89A159F3F6161547F3580928CC643626683DBE6325F3F82788B696B7C5DC7E9C0A5288
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 32a16c82e3ed3d9d11e9183b0468e8bebf2091042a546439db9f5401f961a065
                                                            • Instruction ID: 7c2a5308ab1bcd7caf593a80d70f990307978680226d050e27fbf62f17e07742
                                                            • Opcode Fuzzy Hash: 32a16c82e3ed3d9d11e9183b0468e8bebf2091042a546439db9f5401f961a065
                                                            • Instruction Fuzzy Hash: D3A1AAB3F516254BF3844979CD983A26683DBD1324F2F82788E586B7C5DC7E5C0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: add6a4b4f59256d559036db7a2d2548111863bc9e42d5380345da45a32a4419c
                                                            • Instruction ID: 169bffcf3cccd8d04e64e985382fd4a08982373ed73653c8f6d2a065996580dd
                                                            • Opcode Fuzzy Hash: add6a4b4f59256d559036db7a2d2548111863bc9e42d5380345da45a32a4419c
                                                            • Instruction Fuzzy Hash: 8AA1ACB3F112254BF3440D68CC943A27643DBD6324F2F82788E596B7C9D97E5D4A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 24f6abc388e9e047084fc27b26dc2a912e156c7522561241bc13c2f06d12d84c
                                                            • Instruction ID: a993cd2d97d85706af70ebf804379f795602aca0126f5ac7cc5536ef65ba6b73
                                                            • Opcode Fuzzy Hash: 24f6abc388e9e047084fc27b26dc2a912e156c7522561241bc13c2f06d12d84c
                                                            • Instruction Fuzzy Hash: C5A18AB3F1122547F3444D68DC943A272839BD5325F3F82798E68AB7C5E97E9C0A9384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 681696ad1d7b1ac1d6951c68c1735e1e82a50ad48bb0dd7744bc6c2de429c162
                                                            • Instruction ID: 3a54d240c8874a2e378d78827a44292d837243bb58023736bf7d53f7dced5b47
                                                            • Opcode Fuzzy Hash: 681696ad1d7b1ac1d6951c68c1735e1e82a50ad48bb0dd7744bc6c2de429c162
                                                            • Instruction Fuzzy Hash: 1B917EF3F1152547F3944878CDA93A265829B95324F2F83398FA8AB7C9EC7D5D0A42C4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cba3e1af3c82e5473974eff61eefa90a3726e1663174bbd89fde5047353e99d1
                                                            • Instruction ID: debbb0bb859616c64aa155db72010cc0f1ac7b49a8d725f5950c621ccabf743e
                                                            • Opcode Fuzzy Hash: cba3e1af3c82e5473974eff61eefa90a3726e1663174bbd89fde5047353e99d1
                                                            • Instruction Fuzzy Hash: A5A1D0F3F112254BF3444979DC983617683DBE5314F2F82798A48AB7C5E87E9C0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4c3ab2d776bb74c6250f46f0333607358b1477bd18299b54fac145323e47fc88
                                                            • Instruction ID: 04cdc8a4702159c70cb6f366fc24eec0f9e6d6dcfe6519b298315f4f7e9f89b7
                                                            • Opcode Fuzzy Hash: 4c3ab2d776bb74c6250f46f0333607358b1477bd18299b54fac145323e47fc88
                                                            • Instruction Fuzzy Hash: DF9197B3F116254BF3904925DC943A27282DBD5324F2F82798F986B7C6D97E6C0A9384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 80799deb97a25cf5a9e538ca5b263f25dff4da2d1d263793be186939a323ee9f
                                                            • Instruction ID: bf850fbf4e0961241feb01c8e787230ab8f99be055a139cc61581c735adae6c7
                                                            • Opcode Fuzzy Hash: 80799deb97a25cf5a9e538ca5b263f25dff4da2d1d263793be186939a323ee9f
                                                            • Instruction Fuzzy Hash: 9A91A0B3F606254BF3944878CD983A26582D7D4324F2F83788F6CA77C5D8BE8D4A5284
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fa0cff82c07cda27bf14e406273ff9065434d9cef85c8d89493a4d3d71d4f88e
                                                            • Instruction ID: a0832f9403aaa8c517daa712f1e8e6f0b80efd50f97167b3ae6c209496a7832e
                                                            • Opcode Fuzzy Hash: fa0cff82c07cda27bf14e406273ff9065434d9cef85c8d89493a4d3d71d4f88e
                                                            • Instruction Fuzzy Hash: FC9178F3F1122547F3544969DC98361A282ABA5324F2F82798F9CAB3C5DD7E6C0A53C4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7c3c33143353c810093835faab5b143dc7762613c2fbb3cb3b1b2058bcabbdf3
                                                            • Instruction ID: 808dc2e0fcb92e11963ba3b2f5b97935d9cb3a9de9516b40ab4180bef9edd1d7
                                                            • Opcode Fuzzy Hash: 7c3c33143353c810093835faab5b143dc7762613c2fbb3cb3b1b2058bcabbdf3
                                                            • Instruction Fuzzy Hash: 8991C1F3F1122587F3404E29DC943A27692DB95324F3F42788E58AB7C5E97E9D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c4676a0cfbdc2127a1d6af9462afda5c958651c898f61a55190ae0367d86efb1
                                                            • Instruction ID: 0b2e43e628cfaa77c9aee25c513ed657db583f197426da27550f6d52a13b9a30
                                                            • Opcode Fuzzy Hash: c4676a0cfbdc2127a1d6af9462afda5c958651c898f61a55190ae0367d86efb1
                                                            • Instruction Fuzzy Hash: 90916BF3F116254BF3844939DC943A222839BD5324F2F82788E5CAB7C5E97E9D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b11ed169551183fccb64b53fca21d38953b5831ed86764bb2ff3db77a97ddf1d
                                                            • Instruction ID: ed3e5cadfa0095b9f57e8f81e4386ce6e1816b6bf93474a0de42658ed46cfc69
                                                            • Opcode Fuzzy Hash: b11ed169551183fccb64b53fca21d38953b5831ed86764bb2ff3db77a97ddf1d
                                                            • Instruction Fuzzy Hash: 79919EF3F115254BF3804969CC983A26683EBD5324F2F82788A9C6B7C5DC7E9D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: da9a25472d968bd8e310a1e9a5a4620c510ca07ca2f6907d2d497738417e1f0e
                                                            • Instruction ID: 7ebf4f0286b7dc77693924a57bc67127324cda1db0fb7803c3c04eac7f27d5f2
                                                            • Opcode Fuzzy Hash: da9a25472d968bd8e310a1e9a5a4620c510ca07ca2f6907d2d497738417e1f0e
                                                            • Instruction Fuzzy Hash: 849148F3F116254BF3544929CC943A166839BE5320F3F82788EA89B7C5E97E9D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4902062d0b62ab283341ad678eada5597997f9f05c071bbfd77195a2d9027794
                                                            • Instruction ID: 08189412cc410d08c5c5a923cc8b3227e1921465f064051e5e8a9cfb10bccf5d
                                                            • Opcode Fuzzy Hash: 4902062d0b62ab283341ad678eada5597997f9f05c071bbfd77195a2d9027794
                                                            • Instruction Fuzzy Hash: F691ADB3F102254BF3544E28DC943A17292DBD9310F2F82798E886B7C9D97F6D099784
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fe60916be48b40141d3e924740d5cfd25f08d92f5b295257d801e3b3cb0f6e25
                                                            • Instruction ID: f9e07a06bd130d37f052dd6f2b798563ffd4ece6a56f58a7a186e6145d2ed18d
                                                            • Opcode Fuzzy Hash: fe60916be48b40141d3e924740d5cfd25f08d92f5b295257d801e3b3cb0f6e25
                                                            • Instruction Fuzzy Hash: F6919EB7F111254BF3944D29CD483A166839BD4320F3F82798E9CA77C4E97E9D0A5388
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a457f6f7fe5bbd690d6be30e9f21c984963b0bce430a0d264167d42b2f95f57e
                                                            • Instruction ID: ee86a553fc1c5091dd7be36ac10291b1ab53686ca12d572e2285fbeaf64740eb
                                                            • Opcode Fuzzy Hash: a457f6f7fe5bbd690d6be30e9f21c984963b0bce430a0d264167d42b2f95f57e
                                                            • Instruction Fuzzy Hash: 0C919BB3F1112447F3544D28CCA43A27282DB95321F2F827D8E99AB7C5D93EAD0A9384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8813cdbdf14cceef8fe1d9b7550e1c426bcbc1064b085638250c516b1bbca981
                                                            • Instruction ID: fc5d1d0d60d84fdb56ee73bc3bba6956e6a8b8e24cdd4889334d1a520ee03ae2
                                                            • Opcode Fuzzy Hash: 8813cdbdf14cceef8fe1d9b7550e1c426bcbc1064b085638250c516b1bbca981
                                                            • Instruction Fuzzy Hash: CC918DB3F5022447F3944839CC983A26682DB95320F2F827D8F59AB7C9DC7E5C4A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8ac3d63e71f3c9714122aba6d25771d1280a2ba316a12597eae82a4d2b2e2ede
                                                            • Instruction ID: 0097f30365d14f1c9fc76cf95c49da5eb7b56762b901a14e627d43f0952ca713
                                                            • Opcode Fuzzy Hash: 8ac3d63e71f3c9714122aba6d25771d1280a2ba316a12597eae82a4d2b2e2ede
                                                            • Instruction Fuzzy Hash: 6E91AFF3F0122547F3440969DC983626683D7D5325F2F82398F59ABBC9E8BE5C0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a35e013489801b519ad43fdd8f827a13c53c9b3ca0c1ea5510c4f7d4ae95f8b4
                                                            • Instruction ID: 68c537503b0238d8cc557e38d589189e39af73c19ed9d7cac340708cdaae61ab
                                                            • Opcode Fuzzy Hash: a35e013489801b519ad43fdd8f827a13c53c9b3ca0c1ea5510c4f7d4ae95f8b4
                                                            • Instruction Fuzzy Hash: 97917CB3F112198BF3544D29CC983A27283DBD5324F2F82788B586B7C5D97E9D0A9384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8e21e1a8f26ebb55b02e6ecaf652dfdf4a7558be44ae4229814756abe7bd9fae
                                                            • Instruction ID: c694b45cd85c8bfc0b20a393faab2a088ebbe3aa78100c2dc60b9f43b61c736d
                                                            • Opcode Fuzzy Hash: 8e21e1a8f26ebb55b02e6ecaf652dfdf4a7558be44ae4229814756abe7bd9fae
                                                            • Instruction Fuzzy Hash: B99157B3F1122547F3944839DD683A62583DBD5324F2F82388E58ABBC9EC7E4D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cc0df9bb276922c205b45cca1b87fd3cf4aa39e4216156c6ff75897a0bd37207
                                                            • Instruction ID: ffeb21c87037bb59d35b768d055b14a8aec7741e1e5a7eca67667c491b24cbd4
                                                            • Opcode Fuzzy Hash: cc0df9bb276922c205b45cca1b87fd3cf4aa39e4216156c6ff75897a0bd37207
                                                            • Instruction Fuzzy Hash: 8591B0B3F616254BF3544879CC943A225839BD5324F2F82788F58ABBC9DCBE5C0A1384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2033ddc642673008888687c09f18fb99be02ea3d5cf034ac773c827db98198bb
                                                            • Instruction ID: 062e03ff4e87a71d44104eab3aea0081e1386ea623b978a7da269ef503a34cf7
                                                            • Opcode Fuzzy Hash: 2033ddc642673008888687c09f18fb99be02ea3d5cf034ac773c827db98198bb
                                                            • Instruction Fuzzy Hash: 35919EF3F5162547F3844828DC983A22583DB95325F2F82788F69AB7C5D87E9D0A5388
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: badae6b24ed4f3ecdbcdc986ac76f333a922476b7f2b318b2576eab3a8c1f4cd
                                                            • Instruction ID: 8b37efb74b46a570fe84773c65c8d60d271f76270abe26967a37d450c0c3d3a2
                                                            • Opcode Fuzzy Hash: badae6b24ed4f3ecdbcdc986ac76f333a922476b7f2b318b2576eab3a8c1f4cd
                                                            • Instruction Fuzzy Hash: F7918AB3F212254BF3504929DC883A136939BD6321F3F82798E586B7C5DD3E9D0A9384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cbb75a7d5d6824e7ccdec1e3518c25e3bdc911a69a3431df71cf87b1c1e40afb
                                                            • Instruction ID: 9fdf62be52aa152cb7b690bb14f838dfe98a8b579329fd08a34e7f102664c9b8
                                                            • Opcode Fuzzy Hash: cbb75a7d5d6824e7ccdec1e3518c25e3bdc911a69a3431df71cf87b1c1e40afb
                                                            • Instruction Fuzzy Hash: A3918CB3F5162547F3444929DC983A17283DBD5324F3F82788A98AB7C5DC7EAD0A5388
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d536f6c9d13b0ae267e92a313e669109da2b76a7422b1baeb4fdca9071490596
                                                            • Instruction ID: 5db338140b72dcf8f5df3e14d7e5d64a9c3c95db7cf200b469e10f99f0b1dacd
                                                            • Opcode Fuzzy Hash: d536f6c9d13b0ae267e92a313e669109da2b76a7422b1baeb4fdca9071490596
                                                            • Instruction Fuzzy Hash: BF915AB3F1122587F3944928CC94361B292AB95320F2F42798E9C7B7C5D97E6D0A97C4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5ef3eeabcc105ce48c1e3e601a4f2d08c6c5680373232eb1ab87912ef728d49e
                                                            • Instruction ID: c5ae82de1e79961e1454c4f18f101742a6b7e2100caa0aac7c927c37f137f8bc
                                                            • Opcode Fuzzy Hash: 5ef3eeabcc105ce48c1e3e601a4f2d08c6c5680373232eb1ab87912ef728d49e
                                                            • Instruction Fuzzy Hash: EA917DB3F1022547F3444978DD983A26692D795324F2F82788F98AB7C9E87E9D0A53C4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 01320bd34ae04bf1a199c880a316210907e2484f5282ed6169fc28069cd5766a
                                                            • Instruction ID: d94a7d8098c410d3d55921aeda4dfc1b374e5ea2a0478bf863573e14c7806186
                                                            • Opcode Fuzzy Hash: 01320bd34ae04bf1a199c880a316210907e2484f5282ed6169fc28069cd5766a
                                                            • Instruction Fuzzy Hash: 19914AF3F1112547F3948979CC943626582EBD5324F2F82788E98AB7C9EC7E9D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4a9bcac2b8a4982c9e157d8eaf02a707a37bbeabd3dd1c397881b949a369653e
                                                            • Instruction ID: 97e8f03412e59c05f94cb55e9491da81e8349844172550a0f74defbf17d03830
                                                            • Opcode Fuzzy Hash: 4a9bcac2b8a4982c9e157d8eaf02a707a37bbeabd3dd1c397881b949a369653e
                                                            • Instruction Fuzzy Hash: D2919EF3F2052647F7544D38CD993A26682DB95320F2F82398F59AB7C5E87E8D095384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b4a7a6a4c3be99ed7cc93179d38d2adba98ad26ad66a8fff33b65e339cf73bab
                                                            • Instruction ID: 4b9997e5deea150b2dd06198c6942aef6dce81048cb27386e891f9008f51fe46
                                                            • Opcode Fuzzy Hash: b4a7a6a4c3be99ed7cc93179d38d2adba98ad26ad66a8fff33b65e339cf73bab
                                                            • Instruction Fuzzy Hash: 9C9190B3F112244BF3444D29CC983A17693EBD5324F2F4279CA58AB7C5D97EAD0A9384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 035b218f3eeed50f8a968fe40ec2bba2a75b26b82ea0fda06a57cae02a2951c9
                                                            • Instruction ID: a7c39ecf68f755119afad5adadbd7d773adb38775e3b9d50cbfd9f5959835c03
                                                            • Opcode Fuzzy Hash: 035b218f3eeed50f8a968fe40ec2bba2a75b26b82ea0fda06a57cae02a2951c9
                                                            • Instruction Fuzzy Hash: B9918FB7F2122647F3844D38CD983A17682EB95324F2F82788E586B7C8DD7E5D0A5784
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7cf025eba0b49b1e1c59bad0af358def453a8fe6aea863811a2d119bafebd2cc
                                                            • Instruction ID: b3825c9f166d822c5f9e2136fb554b41850b69adf5bdacec4a15096a478526b2
                                                            • Opcode Fuzzy Hash: 7cf025eba0b49b1e1c59bad0af358def453a8fe6aea863811a2d119bafebd2cc
                                                            • Instruction Fuzzy Hash: 2691A9F3F106254BF3884929DC983622293DBD5320F2F82788E49ABBC5DD7E5D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a183ae193f3ee276c1fceab2bb273a5f630e387da404f85a4c364a74497690cf
                                                            • Instruction ID: 0cdfec050e606244b559d6ace088e97af978c511855a5c38f813c74b34e42968
                                                            • Opcode Fuzzy Hash: a183ae193f3ee276c1fceab2bb273a5f630e387da404f85a4c364a74497690cf
                                                            • Instruction Fuzzy Hash: C8917AB7F2212547F3444D38CC983A176939B95324F3F82788A68AB7C5ED7E9D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5195bb5bb01699c0a95b3206e8255fbfc70d381fbf326f9364328a8eded5b63e
                                                            • Instruction ID: ccb0ade2f5f7d5c8759cbf033a6bb97b9f6235846117b32b010db7d2c59ae3d0
                                                            • Opcode Fuzzy Hash: 5195bb5bb01699c0a95b3206e8255fbfc70d381fbf326f9364328a8eded5b63e
                                                            • Instruction Fuzzy Hash: 4A919DB3F111254BF3404D29CC543A27683DBD5324F2F82798B98AB7C4D97EAD0A5388
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b8032ec3e75679d496947c96bbb7db33b240ca4beb128abe0499095730be088d
                                                            • Instruction ID: 1f031ec78d4815c07e1eeaac3c4ecc59fdea078121fc80253ad07e7a041162b3
                                                            • Opcode Fuzzy Hash: b8032ec3e75679d496947c96bbb7db33b240ca4beb128abe0499095730be088d
                                                            • Instruction Fuzzy Hash: 0E9180B3F1122587F3944E68CC843A17693EBD5320F2F82788E586B7C5D97E5D096784
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 800a9cb162cac0db16e694cfc4a6856c27311801a32bf4330eeb4dcf5391b3bb
                                                            • Instruction ID: deeeb9429f64e0fe9475af9e46b6a7cd3290f3d0a8faf510f52286edd3c17980
                                                            • Opcode Fuzzy Hash: 800a9cb162cac0db16e694cfc4a6856c27311801a32bf4330eeb4dcf5391b3bb
                                                            • Instruction Fuzzy Hash: 989169F3F102254BF3544939DD98362668397D5320F2F82388FA86BBC9E87E5D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d3d07b874f8d91e6e7681b32ff2f60d2fd9218e32b99d449ce74edf5c3ab54d5
                                                            • Instruction ID: fb39ec9a0cf19601fca0a66ba133120484e2f5f7c05daa8db54830f7a50e94e7
                                                            • Opcode Fuzzy Hash: d3d07b874f8d91e6e7681b32ff2f60d2fd9218e32b99d449ce74edf5c3ab54d5
                                                            • Instruction Fuzzy Hash: F491AAB7F112254BF3900D68DC983A17682EBA5324F2F86788E9C6B7C5D87F5D095384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e16e7056228d5d9cfa793b22538157349c0993f27aa0db7adec0091084321101
                                                            • Instruction ID: e819d336e70f147799dbf3514db6f148fb1ffea15cfa0c4daf752446633a658d
                                                            • Opcode Fuzzy Hash: e16e7056228d5d9cfa793b22538157349c0993f27aa0db7adec0091084321101
                                                            • Instruction Fuzzy Hash: CC918DF7F1062547F3944938CD683626582DB95324F2B83388F59ABBC9EC7E5D095384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b1b01d4a70284905dc9ccd247c127518e24b2f2e74555fea1f3f14502a7b02f8
                                                            • Instruction ID: 484657e6ffd0533f83d09c689a3963ca3f61385dbbeeb282e80b6c1f8b7cb2f8
                                                            • Opcode Fuzzy Hash: b1b01d4a70284905dc9ccd247c127518e24b2f2e74555fea1f3f14502a7b02f8
                                                            • Instruction Fuzzy Hash: EB91C0B3F112254BF3544D39DC943A17683DBD5324F2F82788A489BBC9D93EAD0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 08ed9b9b07ec1df502a95c47811b00c7542990630f8c03583649b018c9c774fa
                                                            • Instruction ID: adf9ecc300236bf145648cc18977fa3fbe55b07c2c404cc11100f68235b63470
                                                            • Opcode Fuzzy Hash: 08ed9b9b07ec1df502a95c47811b00c7542990630f8c03583649b018c9c774fa
                                                            • Instruction Fuzzy Hash: 8191BEB3F102254BF3544978CC983A276929B85320F2F83788E68AB7D5DD7E5D0993C4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a4f6561f3468b4ef5e2a265bbfe6063e411e3c341c5b7c597eb997e26e7f439b
                                                            • Instruction ID: b1ccc437e597b074d99fe1226bc06b3cf0cbfb94c4e502d219b511b9a95aca7c
                                                            • Opcode Fuzzy Hash: a4f6561f3468b4ef5e2a265bbfe6063e411e3c341c5b7c597eb997e26e7f439b
                                                            • Instruction Fuzzy Hash: 8281ABB3F102254BF3484D28CC983627683DBD5314F2F82798A499B7C5DD7EAD0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 65dad7a5a2419e77ddbe2100d21ada16d3ed2e0356f2f56ad76b400ff442d438
                                                            • Instruction ID: 76cf9a0e3c2c42ceaa2c9ceb0b755a14cc390b3f593e5e941b2121c424f0cd0f
                                                            • Opcode Fuzzy Hash: 65dad7a5a2419e77ddbe2100d21ada16d3ed2e0356f2f56ad76b400ff442d438
                                                            • Instruction Fuzzy Hash: 3F816BB3F1122547F3848939CD983A27683DBD5314F2F82798B89AB7C9DC7E5D0A5284
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fef5d0343610522383e31bfd67345451538f1418208e55007638a2c5ccc86c62
                                                            • Instruction ID: 012a4286e5d1c174dbbbf8a226f97f506790f5b1f65d4cac06d8d4d26c7a981c
                                                            • Opcode Fuzzy Hash: fef5d0343610522383e31bfd67345451538f1418208e55007638a2c5ccc86c62
                                                            • Instruction Fuzzy Hash: 4E919DB3F606258BF3884934DCA83A23292DB95321F2E827D8F595B7C5DC7E5D099384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b4a34ae373b5c3ccfed96987ab2c864614b1992f7c4392cb5086e2f9262d575e
                                                            • Instruction ID: 27bceafa48defa7bcaa7025af66f2b12d3d6beb0d7b9eb0c97dd75de5f650827
                                                            • Opcode Fuzzy Hash: b4a34ae373b5c3ccfed96987ab2c864614b1992f7c4392cb5086e2f9262d575e
                                                            • Instruction Fuzzy Hash: 0C8190B3F5122647F3504D78DC583A26682DB95314F2F82798F48AB7C9D87E9D0A9388
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e256efb3bd0a9e72c43fe2b1cbca10be1f55777e0e223f35f426272f779b5a88
                                                            • Instruction ID: 69054cb8320afc9d065d8aec56078e6a95f93251976572c9f1574326e4d39aa9
                                                            • Opcode Fuzzy Hash: e256efb3bd0a9e72c43fe2b1cbca10be1f55777e0e223f35f426272f779b5a88
                                                            • Instruction Fuzzy Hash: 8E8169B3F216254BF3984D38CD983626282DB95314F2F827D8F49AB7C4D97E5D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b2a0d6613ca1aa753f04926285d50be20bd15b16e3278888c571cf5066f5278c
                                                            • Instruction ID: 520c9740d3d12369a66d9df152bd8e0f25afbce49ec8801a1ac21c084ed3e3e8
                                                            • Opcode Fuzzy Hash: b2a0d6613ca1aa753f04926285d50be20bd15b16e3278888c571cf5066f5278c
                                                            • Instruction Fuzzy Hash: 8B8168F3F111254BF3544969CC543A162939B95720F2F427A8E5CAB7C0E97E5D0A63C4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 419474afaecbdec70b1e7d6808d4787897bae89c0153e5d6e972eaabd3fd3ab4
                                                            • Instruction ID: e43d067a387677bfe5560789ee505f5d45b5df890c2b1e67e411beb682ad47ae
                                                            • Opcode Fuzzy Hash: 419474afaecbdec70b1e7d6808d4787897bae89c0153e5d6e972eaabd3fd3ab4
                                                            • Instruction Fuzzy Hash: 8F819EF3F116244BF3944938CC983627282DBA1314F2F82788F59AB7D5E87E9D095388
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fa579dc074956f2032bf4a832bd96c1fa7f3077be950f0061487d4771bf63002
                                                            • Instruction ID: 7c4cc95d0df74c13e7a72fdb3a8389b8602d6112e1e15a1332394cc921e8b1cc
                                                            • Opcode Fuzzy Hash: fa579dc074956f2032bf4a832bd96c1fa7f3077be950f0061487d4771bf63002
                                                            • Instruction Fuzzy Hash: 51816AB7F216254BF3444938CD5836265839BD5324F3F82788EA8AB7C5D87E9D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 994cdcab53627b458d165af0b288e8bc30883ea847751656a7f886aa5e2a5cf0
                                                            • Instruction ID: 9f5e59f8e763c318fb5b969dcb3c2d4d10ce65a24553ceaabc7ef6aff10b65ba
                                                            • Opcode Fuzzy Hash: 994cdcab53627b458d165af0b288e8bc30883ea847751656a7f886aa5e2a5cf0
                                                            • Instruction Fuzzy Hash: 8F818AB3F012258BF3504E29CC54361B693EBD1324F3F82798A982B7C4D97E6D0A9784
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7135e000cdebeda6060afdb790d2923d9bbe1af0ad26d41f37fbc31d3da63899
                                                            • Instruction ID: 7a9380a268629e6ee0998f82c5fac668ee922cdc46f2cb0132f4289dfa7fb527
                                                            • Opcode Fuzzy Hash: 7135e000cdebeda6060afdb790d2923d9bbe1af0ad26d41f37fbc31d3da63899
                                                            • Instruction Fuzzy Hash: 94816AF3F112254BF3984978CC993626282DBE5310F2F82798F59AB7C5DC7E9D0A5284
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 68fe578d35092125205800651ebed04ab2cd78e9e768a7df53b5cc397d308b74
                                                            • Instruction ID: b663e6e28d67eb67599ca11292b0680df23566111e0abea0a156293a1d395340
                                                            • Opcode Fuzzy Hash: 68fe578d35092125205800651ebed04ab2cd78e9e768a7df53b5cc397d308b74
                                                            • Instruction Fuzzy Hash: E6817CF7F012264BF3904D68DC983626283DB95724F3F82398B58AB7C5E97E5D069384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f2dd2b37420a2769d919b04385bad5335d87f3aff882699c77884c861c8fd463
                                                            • Instruction ID: e7f518646aaf617b24a7509232f54871fd384a780adbaa3604476657e7dcd08b
                                                            • Opcode Fuzzy Hash: f2dd2b37420a2769d919b04385bad5335d87f3aff882699c77884c861c8fd463
                                                            • Instruction Fuzzy Hash: 55817DF3F5132547F3544928DC983616682DB95320F2F82398F68AB7C9DCBE9D0A5388
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 420d1e2bdf6e7c88510a42afc2f7c80c8e591e2f4252e1061d052324453df236
                                                            • Instruction ID: de05ea2f62928598c793049a42b03b01ba39b832293245170a3fcdc8228dd52f
                                                            • Opcode Fuzzy Hash: 420d1e2bdf6e7c88510a42afc2f7c80c8e591e2f4252e1061d052324453df236
                                                            • Instruction Fuzzy Hash: AA8179F3F212154BF3444938CD983A26683D7E5320F2F82788B596B7C9D87E9D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c7bc7911b7b6e9236a7002780481d4804b9c8f284c739a5214bd6bd46e49e0aa
                                                            • Instruction ID: e1d63f6426999b4c02b3c751fed07b85ddb459e49d63929b9550615650fa0ceb
                                                            • Opcode Fuzzy Hash: c7bc7911b7b6e9236a7002780481d4804b9c8f284c739a5214bd6bd46e49e0aa
                                                            • Instruction Fuzzy Hash: 378147F3F2062447F3984929DC983626283D7D5311F2F82798E88AB7C5EC7E5D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bdb0df5f7f73def671417205e2c3cb34fa5894588caa3548e9343266b36489e9
                                                            • Instruction ID: a1b709450186da345f13df856c764dd25bd2c929d7fac8610bdd9338eb9de598
                                                            • Opcode Fuzzy Hash: bdb0df5f7f73def671417205e2c3cb34fa5894588caa3548e9343266b36489e9
                                                            • Instruction Fuzzy Hash: 66819DF3F1022547F3940D28DC943A17692DB95321F2F82788FA86B7D5D97E1D0A9388
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 29c3fee9be57cc00619504961a7d122473ceccf361ff47cc3cdc0d1f0c2eee6f
                                                            • Instruction ID: 0ca9af8a8c6efb83e7d63837ceaf0e5d2089defa47fd110a86b98485d11371ed
                                                            • Opcode Fuzzy Hash: 29c3fee9be57cc00619504961a7d122473ceccf361ff47cc3cdc0d1f0c2eee6f
                                                            • Instruction Fuzzy Hash: A181BEF3F102254BF3544E28CC943A17292DB95320F2F82798F586B7C5E97E6D09A388
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: abb1700792f4127f9787040102ef7a00564e85e9780d39a4091ad8e38f569153
                                                            • Instruction ID: a502357a75eabf26bb7fbce4ea03407547302a8e6ddd2fc553a82af2fbba42c5
                                                            • Opcode Fuzzy Hash: abb1700792f4127f9787040102ef7a00564e85e9780d39a4091ad8e38f569153
                                                            • Instruction Fuzzy Hash: FD818CB3F102258BF3844A28CCA83B17252EB95314F2F827D8E595B7D4DD7E6D0A9784
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 527bb6e2762b2d33d00428300387679b288271223af2caebd2d634add319d468
                                                            • Instruction ID: b97883f6a63db2da713f5156a4aaa169f6cddf59b5577a89575b3afa75cb02b4
                                                            • Opcode Fuzzy Hash: 527bb6e2762b2d33d00428300387679b288271223af2caebd2d634add319d468
                                                            • Instruction Fuzzy Hash: 39719DF3F516244BF3500929DC943A26643DBE5325F2F82388F586B7CAD87E9D0A5388
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7af74998928ccda90729fb163894ec4bdbd4ce8a67f19c23be71ae4f261ba835
                                                            • Instruction ID: 1f10034589d0d6fb4de3b37a554232ecf69ed5cf518f624e99263de342149d32
                                                            • Opcode Fuzzy Hash: 7af74998928ccda90729fb163894ec4bdbd4ce8a67f19c23be71ae4f261ba835
                                                            • Instruction Fuzzy Hash: 1871ABF3F1062547F3440939DC983A26683DBE1325F2F82789B59AB7C5E87E8D4A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 204a876d0511003065bbb3127db1cdeb7687dd4c94c1445f22100abe97b0373a
                                                            • Instruction ID: 9f4ca22c2739aa70f2b4694910c58e6d4936d7db80f872d4c78a781b28048e02
                                                            • Opcode Fuzzy Hash: 204a876d0511003065bbb3127db1cdeb7687dd4c94c1445f22100abe97b0373a
                                                            • Instruction Fuzzy Hash: CC716BF3F1112547F3648D29CC983616693EBE5314F2F82788E886BBC4E97E5D0A9384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5e589f71f99113b4b8facf6841637484da2ad6c4ccfae3957ad37d990c0e7c77
                                                            • Instruction ID: 9f6fc0ea89549951d0a2796dd3214cc6b8884a42fab545dc6a5c69595a9b209c
                                                            • Opcode Fuzzy Hash: 5e589f71f99113b4b8facf6841637484da2ad6c4ccfae3957ad37d990c0e7c77
                                                            • Instruction Fuzzy Hash: C2818CB3F5022547F3944D28CC943627292DBD5324F2F82798F496BBC9D97E6D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 25100545ff7e600dbad681d87f055549de39593b33b4c9c10ac8660dc6808673
                                                            • Instruction ID: af4ca0d918e0b89ad1c43b79c1094dc8228ef5392ca58939f952d0ed7d58bf39
                                                            • Opcode Fuzzy Hash: 25100545ff7e600dbad681d87f055549de39593b33b4c9c10ac8660dc6808673
                                                            • Instruction Fuzzy Hash: 557149B3F111254BF3484938CC683A16683DBD5325F3F82398B596BBC9ED7E9D0A5284
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2496a2d9608266986da4ca6da82851e50f0d285b2eff5a54e7ffb794d2f366a0
                                                            • Instruction ID: 9af70bd315b182c57cecb4aeb83711684e361b9b83a6db0eb5ebffc7df953ba6
                                                            • Opcode Fuzzy Hash: 2496a2d9608266986da4ca6da82851e50f0d285b2eff5a54e7ffb794d2f366a0
                                                            • Instruction Fuzzy Hash: A1718DB3F111244BF3540D39CC543627683DBD5324F2F42788E98AB7C9D83E9D0A5288
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a1c0bca9b544095dd13db102db83b6893a40b666910225a1d7863e6db288fa6e
                                                            • Instruction ID: a71d1f795a6703aea93a68e3d68515cded2f17883cc1a748b26655ae889a3980
                                                            • Opcode Fuzzy Hash: a1c0bca9b544095dd13db102db83b6893a40b666910225a1d7863e6db288fa6e
                                                            • Instruction Fuzzy Hash: 57815AB3F112254BF3544928CC583617293DB95324F2F82788F596B7C5D93EAD0A5388
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 09df0466d4af1bb7dd4111025bafc3d21fbdb29e686d0cd4d8fb0739fb228c6a
                                                            • Instruction ID: 7300988b4388831e22ebcff1f77eeb563a8a1bf8c5e7b193fac48096b7076cc4
                                                            • Opcode Fuzzy Hash: 09df0466d4af1bb7dd4111025bafc3d21fbdb29e686d0cd4d8fb0739fb228c6a
                                                            • Instruction Fuzzy Hash: E3818CF3F1021547F3484D28CD993A23682DB91314F2F82798B999B7C5D87E9D0A5388
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b953954de7d112913c64f5038ef72efa9a8ed0c91ee523ac1641a3530f078777
                                                            • Instruction ID: a177947fc037aaa6e026d149bf9c519e466c1c9c86ab3841c6a2f4332b002ab8
                                                            • Opcode Fuzzy Hash: b953954de7d112913c64f5038ef72efa9a8ed0c91ee523ac1641a3530f078777
                                                            • Instruction Fuzzy Hash: E3713CB7F012254BF3804E29CC983627793EBD5314F2F81798A486B7C8D97E5D0A9784
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f67f645b7fcbf6173a96613715c36c7c3f504f8d69772b64fe0aa89db7840432
                                                            • Instruction ID: a646f829db3d2cc071666f5a505909993d07d1df0954fbd385de8d600168b025
                                                            • Opcode Fuzzy Hash: f67f645b7fcbf6173a96613715c36c7c3f504f8d69772b64fe0aa89db7840432
                                                            • Instruction Fuzzy Hash: 5D71A9B3F1122587F3484D29CC583627693EBD5320F2F82788A58AB7D4DD7E9D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3e0eff8e8cce8b891d0652d33296c53161fa3704f3e20ff35ad30ecd34abb3b1
                                                            • Instruction ID: 5d6877e056c89a5e5523cf0b5e84b488893d07e39e4370dd92498adca3ca37f8
                                                            • Opcode Fuzzy Hash: 3e0eff8e8cce8b891d0652d33296c53161fa3704f3e20ff35ad30ecd34abb3b1
                                                            • Instruction Fuzzy Hash: A9718CB3F112254BF3940D39CC683627282DBA5320F2F82798E99AB7C5ED7E5D095384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2801d19733d4996f936ba700525258eaf5d20e651a309a51048d0e849c189506
                                                            • Instruction ID: 1a055a7b7c4f26621c194e05059f1e7b7e83960990c5fcbf2a0e7c4257fac496
                                                            • Opcode Fuzzy Hash: 2801d19733d4996f936ba700525258eaf5d20e651a309a51048d0e849c189506
                                                            • Instruction Fuzzy Hash: 85718AF3F1022547F7484979CC983A166839BD4324F2F82788F49AB7C5D87E9D0A5388
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 64f9c131da8a003a061f6fd507667ff8cda2198a15909a165edae54ee35f0b2f
                                                            • Instruction ID: 70cfa0700dae9013c6048b86387695cb97dd0f6a0b745e845d3aa58694b78f08
                                                            • Opcode Fuzzy Hash: 64f9c131da8a003a061f6fd507667ff8cda2198a15909a165edae54ee35f0b2f
                                                            • Instruction Fuzzy Hash: 117136F3F112244BF3944939CD5936222839795324F2F82788F98AB7C9D97E9D0A5388
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 50bdf72c898fd32721910f5156f8c4c32ecbeb17ffaa026931e88e3ac5e6207a
                                                            • Instruction ID: 2cd6a0a360aeea263a1819a275bad6cb06aed4a35837140f5a3ee5aa62c2ee06
                                                            • Opcode Fuzzy Hash: 50bdf72c898fd32721910f5156f8c4c32ecbeb17ffaa026931e88e3ac5e6207a
                                                            • Instruction Fuzzy Hash: FD71AEB3F112254BF3544D29CC983A27693DBD5314F2F82788A885BBC9DD7E9D0A9384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5d80549b5ee6d413136b46044f166903e14ec243b5b40c50a6a340782d72a927
                                                            • Instruction ID: bcb97c3df9948e747a6b606e1fa27b7f6270d2b24f9e464ba5c6a0f6e16269df
                                                            • Opcode Fuzzy Hash: 5d80549b5ee6d413136b46044f166903e14ec243b5b40c50a6a340782d72a927
                                                            • Instruction Fuzzy Hash: 02718CF7F1122547F3844939DC983926283E7D5324F2F82788E58AB7C9E87E9D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1db0c896f1e2ec390e70ab5da708b45d624fc4b27880d77a473d0362ad79fc45
                                                            • Instruction ID: bd32f8f254033405fc9d65ef8d81b820c4ceee9e357bb67f66633014d4cffc74
                                                            • Opcode Fuzzy Hash: 1db0c896f1e2ec390e70ab5da708b45d624fc4b27880d77a473d0362ad79fc45
                                                            • Instruction Fuzzy Hash: 6F7169F3F1062547F7584978CCA83726682DB95324F2F82788F596B7C6E87E5C0A5388
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7f8216c8bc3055270e163d85c0bd0919e73c13e047b9a01de78b6e8d6bff7db2
                                                            • Instruction ID: c123e62ab1e6458811092d2432dc03694be3e93bc1af3cf1c9d7a307381d6d21
                                                            • Opcode Fuzzy Hash: 7f8216c8bc3055270e163d85c0bd0919e73c13e047b9a01de78b6e8d6bff7db2
                                                            • Instruction Fuzzy Hash: 9F7179F3F112158BF3444E28DC853A17753EB95314F2E81798B949B3C5EA7EAD0A9388
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b25fa63e7ff649e45ec35dde960efe01e11ed146441aa8978cf3c672455d706e
                                                            • Instruction ID: 436749b9033fc51cbda857c6f726698621445c44e9329d6445c3dbb0934bf56e
                                                            • Opcode Fuzzy Hash: b25fa63e7ff649e45ec35dde960efe01e11ed146441aa8978cf3c672455d706e
                                                            • Instruction Fuzzy Hash: A2715AB3F111254BF3944939CD583626693ABD5320F2F82798E8DAB7C8DC7E9D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fa2c1809b1feff0bcf6b7070fffcb48abf7a71597d8868762d486b9fdd15c7e4
                                                            • Instruction ID: 9a127461711d2e2086b1e3261681f54fbde22d84d9598a22ef687f88006f6a43
                                                            • Opcode Fuzzy Hash: fa2c1809b1feff0bcf6b7070fffcb48abf7a71597d8868762d486b9fdd15c7e4
                                                            • Instruction Fuzzy Hash: 66718CB3F112244BF3500D78CC883926692DB95325F2F82789F68ABBC9D87E9D095384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3f15f8947fad8706c0c1e7298acc29fb73525ee87be3c533b60bbf981737ff64
                                                            • Instruction ID: fa454a7e18f4215c89103429d1eb9594544ac7a56978e9cbe726dc07b943d358
                                                            • Opcode Fuzzy Hash: 3f15f8947fad8706c0c1e7298acc29fb73525ee87be3c533b60bbf981737ff64
                                                            • Instruction Fuzzy Hash: A07116B3F5162647F3580878DDA83726583DB95324F2F82398B6A6B7C5EC7E4C0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 62e13bff601ab37b42e7b4396c77f95bc04cc529a8c706f808da9a9853ebc16d
                                                            • Instruction ID: b7fa05cec66a4035a79e3ac0dc2a2286351747066d14c74624f16de06f502191
                                                            • Opcode Fuzzy Hash: 62e13bff601ab37b42e7b4396c77f95bc04cc529a8c706f808da9a9853ebc16d
                                                            • Instruction Fuzzy Hash: 56719BF3F1121647F3444D29DCA8361A283DBE5324F3F82398A596BBC5E97E9D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4c3d5ea495329b3e336c4b2237c77ac2f3dce677600b27bf3782cb7e0fc094f0
                                                            • Instruction ID: a492e0b1394eb95b564d8344611e16204e336df635627e3b5d1116fa344c50d4
                                                            • Opcode Fuzzy Hash: 4c3d5ea495329b3e336c4b2237c77ac2f3dce677600b27bf3782cb7e0fc094f0
                                                            • Instruction Fuzzy Hash: F3716AF7F126244BF3404968DC943A16283DB95325F2F82B8CE5C6B7C6E97E6D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b3218dcfe46b2f43778a707f1e3319164ac71953cd34b68167c79c50c4cedb3e
                                                            • Instruction ID: 6c0b954a2451fb9ad461ddd397080ed8c17bb51c96ea1aac7195358868be552a
                                                            • Opcode Fuzzy Hash: b3218dcfe46b2f43778a707f1e3319164ac71953cd34b68167c79c50c4cedb3e
                                                            • Instruction Fuzzy Hash: 8D6169B3F1122547F3544D38C8A83626682DB95324F2F82798F696BBC8D97E5D0A5284
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9ba38552f47dd58b53782127104bd4438c9a6fb9faf90c04264c2ab23eb9d240
                                                            • Instruction ID: 527c8cf5fd2b09947614f06b391ae21524ab79bb4cead53a3d5b64c3ed5027c2
                                                            • Opcode Fuzzy Hash: 9ba38552f47dd58b53782127104bd4438c9a6fb9faf90c04264c2ab23eb9d240
                                                            • Instruction Fuzzy Hash: 22618DB7F1122647F3544E25CC943A1B292EB95310F2F827D8E48AB7C4D97E6D0AA3C4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 05f8b3a7e8e498332b3a9fff729d83e08597941d784538fa402a88abfab92e2e
                                                            • Instruction ID: 0f8339e2c73f8274b6d67a51953abeb2df555cd7528933ec3cc0753e5012f88f
                                                            • Opcode Fuzzy Hash: 05f8b3a7e8e498332b3a9fff729d83e08597941d784538fa402a88abfab92e2e
                                                            • Instruction Fuzzy Hash: 705199B3F012254BF3444929CC583617683EBD5324F2F827D8A986BBC9D93E5D0A9384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9349241caee1cb6eefa6693c94ceded80a774a03a0bbbf176f6fd29288d10439
                                                            • Instruction ID: 865477ab142c76feeb427d829900f4b017a36de8090d71be529f9753fa0441e7
                                                            • Opcode Fuzzy Hash: 9349241caee1cb6eefa6693c94ceded80a774a03a0bbbf176f6fd29288d10439
                                                            • Instruction Fuzzy Hash: 3C51AAB3F1122547F3984968CC983A17282ABD5324F2F82388F596B3C5DD7E6C0A4784
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 71238ee0a81c04d85ee601c65d3b58fe4f6ef974c78618be2c871fae945919ea
                                                            • Instruction ID: 9c31acfa623d0a5f6bd6631a9cb0f88cd2a8d7d35ae309d57fc30ce761595ec0
                                                            • Opcode Fuzzy Hash: 71238ee0a81c04d85ee601c65d3b58fe4f6ef974c78618be2c871fae945919ea
                                                            • Instruction Fuzzy Hash: 095191F3F102244BF3544E29DC943627292EB95314F2E867D8B85AB7C4D97E6D0A9344
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8689613863e02076e4d15348e786658df637d87344f3369a615eb6560e666342
                                                            • Instruction ID: aefff2067eb99277ac4357fa1087e15198be2e3c110b45499eac594b696ba14c
                                                            • Opcode Fuzzy Hash: 8689613863e02076e4d15348e786658df637d87344f3369a615eb6560e666342
                                                            • Instruction Fuzzy Hash: 0D51BBB3F2153447F3944928CD883A2A642D791320F2F82798E5D7BBC6D87EAD0A53C4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e21a4daad652d78c186b909cf69429bfbfe882c673658fbf2cec0b467545f88a
                                                            • Instruction ID: 900968bdd0afb6738d9c654afe20e0268d33e00ffaf719768101ebe4079fdb0e
                                                            • Opcode Fuzzy Hash: e21a4daad652d78c186b909cf69429bfbfe882c673658fbf2cec0b467545f88a
                                                            • Instruction Fuzzy Hash: 3A51B2B3F112198BF3444E28CC983617793EBD6310F2F42798A589B7D5D93EAE099784
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1d4f5ff6c25233c505295e189faeb854873c8f253b1238eb51de47934fffc5e1
                                                            • Instruction ID: 04d968533e3a4e90517cd248f88a3158c8c6ff7ef66b62cb7a7f9eb791bfb8ba
                                                            • Opcode Fuzzy Hash: 1d4f5ff6c25233c505295e189faeb854873c8f253b1238eb51de47934fffc5e1
                                                            • Instruction Fuzzy Hash: F451CBB3F1122547F3544D28CC983A27283DBD5314F2F827D8A599B7C9D87EAD4A9384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1093a4ef228a256fa2583cdac70106060a299002aacf5fc60b8b994772a7e847
                                                            • Instruction ID: 9a00b9d2d6bb1935285013451f3762f16dce4c91d091e92ff691b52d3b0e3b08
                                                            • Opcode Fuzzy Hash: 1093a4ef228a256fa2583cdac70106060a299002aacf5fc60b8b994772a7e847
                                                            • Instruction Fuzzy Hash: 8A51BCB3F112258BF3944E39CC583A17282DB95320F2F42798E59AB3C5D93E5D0A9384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d37ee7d75fb4a2c52058cdddd6d7c3bd820c2fb318a748da2d9565884f447375
                                                            • Instruction ID: 8d4fb351943a44c85ef9da9e645abd8a7ce7312f6d38f641cd336e93f1cad6b8
                                                            • Opcode Fuzzy Hash: d37ee7d75fb4a2c52058cdddd6d7c3bd820c2fb318a748da2d9565884f447375
                                                            • Instruction Fuzzy Hash: 53516EB3F112258BF3514E29CC943A17353EBD5311F2F82798E481B7C5D93A6E4AA784
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 05816b9d95f3781304f69c886c79bcc731eec8af41a9e9dbeb0a7c5a165d7231
                                                            • Instruction ID: 6c64ebc53beeb9c5c9f6bc5c5615d3820fdd37b514ba278c84458ea61128cd9f
                                                            • Opcode Fuzzy Hash: 05816b9d95f3781304f69c886c79bcc731eec8af41a9e9dbeb0a7c5a165d7231
                                                            • Instruction Fuzzy Hash: CE516BB3E102258BF3548E69DC943617293DBD5724F2F817D8E886B3C4E97E6D069384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bd54e3527160487dea98b5fcbc64163b3c55d7eb2f50ce922156da9f014ad420
                                                            • Instruction ID: 342d79d201c069f0d3f5341f689a2fd258fb19ca66dcd92e1b0dddab9b5f3fbd
                                                            • Opcode Fuzzy Hash: bd54e3527160487dea98b5fcbc64163b3c55d7eb2f50ce922156da9f014ad420
                                                            • Instruction Fuzzy Hash: 705147B7E111268BF3944A64DC543A17393EB95320F2F41798E486B3D1DA3E6D0A9784
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 11880d33c217fa478a394ddd27bdafe575960b81d14e84dc95b61551cc8c9d2e
                                                            • Instruction ID: 686e9fbfcc5e342fc2fd443347b1ea79dfc4513407d812ff9b61b3b6c495bfb6
                                                            • Opcode Fuzzy Hash: 11880d33c217fa478a394ddd27bdafe575960b81d14e84dc95b61551cc8c9d2e
                                                            • Instruction Fuzzy Hash: 433146F3E61A3047F3848464CD4835265828795324F2F82758E2CBBBC5DC7E9D0A42C8
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 73cd858445a4f54c74c3bcea8fad383db6751c27b6ed3a5188c29e7a0d393e5f
                                                            • Instruction ID: 994a4ac8e0f72e3e610df9509c08cf11dfdc7dbce88863703f40a7b970d1cbae
                                                            • Opcode Fuzzy Hash: 73cd858445a4f54c74c3bcea8fad383db6751c27b6ed3a5188c29e7a0d393e5f
                                                            • Instruction Fuzzy Hash: 01312AF7F5252507F3984879CD59392548397D0324F2F82799A5CABBC5DC7E8C0A0384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8a1aa1fa599b7dbce120df60b8bdf0d57ddaf196d774d9cc7c146b292084e6c9
                                                            • Instruction ID: 8c4ff5923bde668e5006a0a78499abb5eba97080c986037a5ea6a204948e8e9d
                                                            • Opcode Fuzzy Hash: 8a1aa1fa599b7dbce120df60b8bdf0d57ddaf196d774d9cc7c146b292084e6c9
                                                            • Instruction Fuzzy Hash: F93141E3F2162607F3840864CCAA3A25582D7E5724F3F467D9FA9EB3C2D87E9C451284
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 33d33ba3e0e4e535ec0b060d6ccc7276d1d6b29b3d167a291dd9573374cdf3fb
                                                            • Instruction ID: c978902c5531a21c9a2073fbc03848a5fa462e210a5baa2d07ffa004ad97baa7
                                                            • Opcode Fuzzy Hash: 33d33ba3e0e4e535ec0b060d6ccc7276d1d6b29b3d167a291dd9573374cdf3fb
                                                            • Instruction Fuzzy Hash: F7317CB3F5023447F3940878DD983A66592AB94314F2F8379CF59ABBC5D8AD4D0917C4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0390ae530c3755f1f26fb1aebed3ab46b52a7732d6b8f62b3412027f401bedc2
                                                            • Instruction ID: 27d2e03f19830508541ebf3495483df000e81bc64b29c5a5eb5c6b183d8e351d
                                                            • Opcode Fuzzy Hash: 0390ae530c3755f1f26fb1aebed3ab46b52a7732d6b8f62b3412027f401bedc2
                                                            • Instruction Fuzzy Hash: F23169F3F506244BF7844875CD9836225839BE4320F2F82798B5D6B6C5EC7E4C0A5284
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8bc91f679a7bcb3355c1e7d866d8c74997abfed116126a98bedf85b9e1fbe751
                                                            • Instruction ID: 7cf92ab3700fce99b7bb4cd6d2210bf420ceca345caf4aee6d0a1566f123013d
                                                            • Opcode Fuzzy Hash: 8bc91f679a7bcb3355c1e7d866d8c74997abfed116126a98bedf85b9e1fbe751
                                                            • Instruction Fuzzy Hash: 522165B3F612264BF35448B9CD993616982DB95720F3E83394B34E7EC9DCBD4D095284
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e63d771428aa8363491a72e462fd6736965f19bc7883c70e57a82d2ef9aa0195
                                                            • Instruction ID: b1cf9bb96ef4741b1379477116829a62650656cbb36ca1af0be504dba5d95d34
                                                            • Opcode Fuzzy Hash: e63d771428aa8363491a72e462fd6736965f19bc7883c70e57a82d2ef9aa0195
                                                            • Instruction Fuzzy Hash: 662183B3F512244BF3944879CD983A215839BC4320F2F82398E9D977C9DCBE4D0A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4139eafd2af423614bf891a489e0f18895ae33cfe7833ffa7ec4da072da793f7
                                                            • Instruction ID: 842c8421de57241e5f9b2a5de8a36e7a477bfa88e97963cbe4c9992863ed25ef
                                                            • Opcode Fuzzy Hash: 4139eafd2af423614bf891a489e0f18895ae33cfe7833ffa7ec4da072da793f7
                                                            • Instruction Fuzzy Hash: 862125B3F5112147F3980829CC653A621839BD5321F2F82399B6AAB7C8DC7E8D4A5384
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8cc0f41c61f91d69f26b537281def791c46799254195ed5c5288e9e28764a6b8
                                                            • Instruction ID: 4ac4e5fc353f50310d93f0dc111f9e0de8dbb57b3d0f1f1577afa778cb4687db
                                                            • Opcode Fuzzy Hash: 8cc0f41c61f91d69f26b537281def791c46799254195ed5c5288e9e28764a6b8
                                                            • Instruction Fuzzy Hash: 572169B3F411160BF3944879CD583A26183DBD5311F2EC2788E596BBC9E87E5D4A5244
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 39f70a7938b822edd05b84c9b351a7400bda237057f86befa872c285749f7493
                                                            • Instruction ID: 613299064823a73a7e3b99d003a94c8c5b560083750b760dfb327c3ddabfe114
                                                            • Opcode Fuzzy Hash: 39f70a7938b822edd05b84c9b351a7400bda237057f86befa872c285749f7493
                                                            • Instruction Fuzzy Hash: D1212CF3F112154BF388487ACD993632583EBD1324F2A86398F59AB7C9DC7D8C0A4648
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6c759d8faaa8aed0418b540e724dbaf4ab08b5ec91e3e33aa95a503eb08288e8
                                                            • Instruction ID: 19d7ee9d986f4e67f6453099555d9d807d585ef5eda79b5cb1e95d1225bffd63
                                                            • Opcode Fuzzy Hash: 6c759d8faaa8aed0418b540e724dbaf4ab08b5ec91e3e33aa95a503eb08288e8
                                                            • Instruction Fuzzy Hash: 762137E3F4122547F3984835DCA83661542A7D5324F2B823D8F9A2B7CADC7E4C0A17C4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.3763184070.000000000041E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                            • Associated: 00000000.00000002.3763080850.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763107135.0000000000401000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763150210.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.000000000058D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763184070.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763555788.0000000000685000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.3763706422.00000000007FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_400000_MysticThumbs4.jbxd