
Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1561630
MD5: f2742a9288b543dfd082fe555fc135e7
SHA1: 3324370e94527fcf80ef571f9c1819d59b0b2f23
SHA256: dace3504559fca2ba342fa83836e916775514060f4772cdeb263b91906a23d46
Tags: exe, user-Bitsight

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
AI detected suspicious sample
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Hides threads from debuggers
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Entry point lies outside standard sections
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 5448 cmdline: "C:\Users\user\Desktop\file.exe" MD5: F2742A9288B543DFD082FE555FC135E7)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00723FBF CryptVerifySignatureA | 0_2_00723FBF
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb | source: file.exe, 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.2161011666.0000000004920000.00000004.00001000.00020000.00000000.sdmp
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: tse1.mm.bing.net

System Summary

Source: file.exe | Static PE information: section name:
Source: file.exe | Static PE information: section name: .idata
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006CC073 | 0_2_006CC073
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006CC093 | 0_2_006CC093
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006CF939 | 0_2_006CF939
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006E8274 | 0_2_006E8274
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_007AE202 | 0_2_007AE202
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006CFAF3 | 0_2_006CFAF3
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006D9A99 | 0_2_006D9A99
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0054DB99 | 0_2_0054DB99
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006D8EA4 | 0_2_006D8EA4
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_007A6FED | 0_2_007A6FED
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 0071EFB4 appears 35 times
Source: file.exe, 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000002.2295387462.0000000000C5E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe | Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: classification engine | Classification label: mal100.evad.winEXE@1/1@1/0
Source: C:\Users\user\Desktop\file.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
Source: C:\Users\user\Desktop\file.exe | Mutant created: NULL
Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\file.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: sspicli.dll
Source: file.exe | Static file information: File size 2832384 > 1048576
Source: file.exe | Static PE information: Raw size of rqwfzwob is bigger than: 0x100000 < 0x2ad800
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb | source: file.exe, 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.2161011666.0000000004920000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe | Unpacked PE file: 0.2.file.exe.540000.0.unpack :EW;.rsrc:W;.idata :W;rqwfzwob:EW;llcfprjm:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: initial sample | Static PE information: section where entry point is pointing to: .taggant
Source: file.exe | Static PE information: real checksum: 0x2bda1a should be: 0x2b81d6
Source: file.exe | Static PE information: section name:
Source: file.exe | Static PE information: section name: .idata
Source: file.exe | Static PE information: section name: rqwfzwob
Source: file.exe | Static PE information: section name: llcfprjm
Source: file.exe | Static PE information: section name: .taggant
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006CF21A push 4A40CF9Bh; mov dword ptr [esp], edx | 0_2_006CF268
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006CF21A push 7A48A33Fh; mov dword ptr [esp], ebp | 0_2_006CF34D
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006CF21A push 0490BDEDh; mov dword ptr [esp], esp | 0_2_006CF3B1
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0054EC4A push ebp; mov dword ptr [esp], eax | 0_2_0054F1DE
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0054EC4A push ebp; mov dword ptr [esp], 773F8470h | 0_2_0054F204
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006D1F82 push ebx; ret | 0_2_006D1FB4
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006D0068 push edi; mov dword ptr [esp], 3FBE1A1Dh | 0_2_006D0071
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006D0068 push edx; mov dword ptr [esp], ecx | 0_2_006D009C
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006D0068 push 0A67CC91h; mov dword ptr [esp], ebx | 0_2_006D0103
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006D0068 push 78E073C4h; mov dword ptr [esp], esi | 0_2_006D013C
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006D0063 push edi; mov dword ptr [esp], 3FBE1A1Dh | 0_2_006D0071
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006D0063 push edx; mov dword ptr [esp], ecx | 0_2_006D009C
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006D0063 push 0A67CC91h; mov dword ptr [esp], ebx | 0_2_006D0103
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006D0063 push 78E073C4h; mov dword ptr [esp], esi | 0_2_006D013C
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006D2079 push edx; ret | 0_2_006D20E7
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006CC073 push eax; mov dword ptr [esp], ebp | 0_2_006CC077
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006CC073 push edi; mov dword ptr [esp], ecx | 0_2_006CC088
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006CC073 push 5309B5D1h; mov dword ptr [esp], esi | 0_2_006CC11F
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006CC073 push esi; mov dword ptr [esp], edx | 0_2_006CC138
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006CC073 push esi; mov dword ptr [esp], esp | 0_2_006CC177
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006CC073 push 5A27E7F7h; mov dword ptr [esp], edi | 0_2_006CC195
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006CC073 push esi; mov dword ptr [esp], 7B61DAB0h | 0_2_006CC1ED
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006CC073 push ecx; mov dword ptr [esp], 7CF5A24Dh | 0_2_006CC230
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006CC073 push 1FF74FC2h; mov dword ptr [esp], esi | 0_2_006CC26D
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006CC073 push ebx; mov dword ptr [esp], 74DDC457h | 0_2_006CC2D4
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_007CA849 push 63CD95C1h; mov dword ptr [esp], esi | 0_2_007CA854
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_007CA849 push eax; mov dword ptr [esp], ecx | 0_2_007CA868
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_007CA849 push 7B0C8904h; mov dword ptr [esp], edx | 0_2_007CA9BD
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_007CA849 push 40458D5Bh; mov dword ptr [esp], eax | 0_2_007CAA4B
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0054F06F push edx; mov dword ptr [esp], eax | 0_2_0054F098
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006D782E push edx; mov dword ptr [esp], 7715CE67h | 0_2_006D7EE1
Source: file.exe | Static PE information: section name: entropy: 7.796841578474847

Boot Survival

Source: C:\Users\user\Desktop\file.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\file.exe | Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\file.exe | Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\file.exe | Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe | File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\file.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 703324 second address: 703328 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 703328 second address: 70332E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70332E second address: 70334B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFE91287569h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70514D second address: 7051D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007EFE90E7CF76h 0x0000000a popad 0x0000000b pop edx 0x0000000c nop 0x0000000d push esi 0x0000000e or si, DB21h 0x00000013 pop esi 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007EFE90E7CF78h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 00000018h 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 mov edi, 12345FDEh 0x00000035 mov esi, dword ptr [ebp+122D2CAFh] 0x0000003b push 00000000h 0x0000003d push 00000000h 0x0000003f push eax 0x00000040 call 00007EFE90E7CF78h 0x00000045 pop eax 0x00000046 mov dword ptr [esp+04h], eax 0x0000004a add dword ptr [esp+04h], 00000014h 0x00000052 inc eax 0x00000053 push eax 0x00000054 ret 0x00000055 pop eax 0x00000056 ret 0x00000057 mov dword ptr [ebp+1247251Bh], eax 0x0000005d push eax 0x0000005e pushad 0x0000005f jno 00007EFE90E7CF81h 0x00000065 push eax 0x00000066 push edx 0x00000067 jmp 00007EFE90E7CF81h 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70B55E second address: 70B564 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70C607 second address: 70C662 instructions: 0x00000000 rdtsc 0x00000002 js 00007EFE90E7CF78h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edi 0x0000000e push edi 0x0000000f js 00007EFE90E7CF76h 0x00000015 pop edi 0x00000016 pop edi 0x00000017 nop 0x00000018 ja 00007EFE90E7CF79h 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push edi 0x00000023 call 00007EFE90E7CF78h 0x00000028 pop edi 0x00000029 mov dword ptr [esp+04h], edi 0x0000002d add dword ptr [esp+04h], 0000001Ch 0x00000035 inc edi 0x00000036 push edi 0x00000037 ret 0x00000038 pop edi 0x00000039 ret 0x0000003a mov ebx, edx 0x0000003c push 00000000h 0x0000003e mov ebx, dword ptr [ebp+122D240Dh] 0x00000044 xchg eax, esi 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 jnp 00007EFE90E7CF76h 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70C662 second address: 70C67F instructions: 0x00000000 rdtsc 0x00000002 je 00007EFE91287556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c pushad 0x0000000d push edx 0x0000000e jo 00007EFE91287556h 0x00000014 pop edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jp 00007EFE91287556h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70D633 second address: 70D64B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007EFE90E7CF83h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70D64B second address: 70D664 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jp 00007EFE9128755Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70D664 second address: 70D668 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70E6A7 second address: 70E721 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE9128755Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b pushad 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f pop esi 0x00000010 jmp 00007EFE91287569h 0x00000015 popad 0x00000016 nop 0x00000017 jnc 00007EFE9128755Bh 0x0000001d push 00000000h 0x0000001f mov di, cx 0x00000022 push 00000000h 0x00000024 jmp 00007EFE91287569h 0x00000029 xchg eax, esi 0x0000002a push edx 0x0000002b push edi 0x0000002c jnp 00007EFE91287556h 0x00000032 pop edi 0x00000033 pop edx 0x00000034 push eax 0x00000035 jl 00007EFE91287562h 0x0000003b jo 00007EFE9128755Ch 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 706F95 second address: 706F9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70B7CC second address: 70B7DF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jp 00007EFE91287558h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70F7D1 second address: 70F7DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70C7F3 second address: 70C80F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE9128755Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007EFE91287556h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70D813 second address: 70D8A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov edi, dword ptr [ebp+122D1D80h] 0x00000010 push dword ptr fs:[00000000h] 0x00000017 push 00000000h 0x00000019 push ecx 0x0000001a call 00007EFE90E7CF78h 0x0000001f pop ecx 0x00000020 mov dword ptr [esp+04h], ecx 0x00000024 add dword ptr [esp+04h], 0000001Ah 0x0000002c inc ecx 0x0000002d push ecx 0x0000002e ret 0x0000002f pop ecx 0x00000030 ret 0x00000031 mov edi, 6E724B28h 0x00000036 mov dword ptr fs:[00000000h], esp 0x0000003d push 00000000h 0x0000003f push ecx 0x00000040 call 00007EFE90E7CF78h 0x00000045 pop ecx 0x00000046 mov dword ptr [esp+04h], ecx 0x0000004a add dword ptr [esp+04h], 00000016h 0x00000052 inc ecx 0x00000053 push ecx 0x00000054 ret 0x00000055 pop ecx 0x00000056 ret 0x00000057 pushad 0x00000058 mov dword ptr [ebp+12458665h], ebx 0x0000005e popad 0x0000005f mov eax, dword ptr [ebp+122D1009h] 0x00000065 mov ebx, dword ptr [ebp+122D1EC4h] 0x0000006b push FFFFFFFFh 0x0000006d jp 00007EFE90E7CF7Ch 0x00000073 mov edi, dword ptr [ebp+122D2B0Bh] 0x00000079 add ebx, 735D84A1h 0x0000007f push eax 0x00000080 push eax 0x00000081 push edx 0x00000082 push eax 0x00000083 push edx 0x00000084 pushad 0x00000085 popad 0x00000086 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70E8C0 second address: 70E96C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007EFE91287558h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 push dword ptr fs:[00000000h] 0x0000002b mov edi, 16C2EA00h 0x00000030 mov dword ptr fs:[00000000h], esp 0x00000037 jmp 00007EFE91287569h 0x0000003c mov eax, dword ptr [ebp+122D1011h] 0x00000042 mov dword ptr [ebp+122D1FA3h], esi 0x00000048 push FFFFFFFFh 0x0000004a push 00000000h 0x0000004c push edi 0x0000004d call 00007EFE91287558h 0x00000052 pop edi 0x00000053 mov dword ptr [esp+04h], edi 0x00000057 add dword ptr [esp+04h], 00000019h 0x0000005f inc edi 0x00000060 push edi 0x00000061 ret 0x00000062 pop edi 0x00000063 ret 0x00000064 and bx, 34F2h 0x00000069 sbb bx, 53C9h 0x0000006e push eax 0x0000006f pushad 0x00000070 push ebx 0x00000071 jmp 00007EFE91287564h 0x00000076 pop ebx 0x00000077 push eax 0x00000078 push edx 0x00000079 push edx 0x0000007a pop edx 0x0000007b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70B7DF second address: 70B7E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70F7DA second address: 70F7DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70C80F second address: 70C815 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70D8A5 second address: 70D8AF instructions: 0x00000000 rdtsc 0x00000002 jbe 00007EFE91287556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70B7E5 second address: 70B7E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70F7DE second address: 70F864 instructions: 0x00000000 rdtsc 0x00000002 jc 00007EFE91287556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c mov ebx, dword ptr [ebp+122D2CAFh] 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push ecx 0x00000017 call 00007EFE91287558h 0x0000001c pop ecx 0x0000001d mov dword ptr [esp+04h], ecx 0x00000021 add dword ptr [esp+04h], 0000001Ah 0x00000029 inc ecx 0x0000002a push ecx 0x0000002b ret 0x0000002c pop ecx 0x0000002d ret 0x0000002e mov edi, dword ptr [ebp+122D266Ch] 0x00000034 sub ebx, dword ptr [ebp+122D2CBFh] 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push edi 0x0000003f call 00007EFE91287558h 0x00000044 pop edi 0x00000045 mov dword ptr [esp+04h], edi 0x00000049 add dword ptr [esp+04h], 00000018h 0x00000051 inc edi 0x00000052 push edi 0x00000053 ret 0x00000054 pop edi 0x00000055 ret 0x00000056 mov edi, 1C74DF86h 0x0000005b xchg eax, esi 0x0000005c jmp 00007EFE9128755Eh 0x00000061 push eax 0x00000062 push eax 0x00000063 push edx 0x00000064 jmp 00007EFE9128755Bh 0x00000069 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70C815 second address: 70C81F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007EFE90E7CF76h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70C90B second address: 70C90F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70F9F7 second address: 70FA77 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007EFE90E7CF78h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 mov edi, dword ptr [ebp+122D1CBFh] 0x0000002a push dword ptr fs:[00000000h] 0x00000031 mov dword ptr [ebp+122D35CEh], eax 0x00000037 mov dword ptr fs:[00000000h], esp 0x0000003e jno 00007EFE90E7CF78h 0x00000044 mov eax, dword ptr [ebp+122D05CDh] 0x0000004a mov ebx, eax 0x0000004c push FFFFFFFFh 0x0000004e push 00000000h 0x00000050 push ebx 0x00000051 call 00007EFE90E7CF78h 0x00000056 pop ebx 0x00000057 mov dword ptr [esp+04h], ebx 0x0000005b add dword ptr [esp+04h], 0000001Ch 0x00000063 inc ebx 0x00000064 push ebx 0x00000065 ret 0x00000066 pop ebx 0x00000067 ret 0x00000068 movzx ebx, ax 0x0000006b push eax 0x0000006c pushad 0x0000006d push eax 0x0000006e push edx 0x0000006f pushad 0x00000070 popad 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7116C8 second address: 7116CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7116CC second address: 7116E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007EFE90E7CF80h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7116E6 second address: 711730 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007EFE91287556h 0x00000009 jmp 00007EFE9128755Dh 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 nop 0x00000012 sub dword ptr [ebp+1245EAA5h], ecx 0x00000018 push 00000000h 0x0000001a mov edi, dword ptr [ebp+122D1D65h] 0x00000020 push 00000000h 0x00000022 adc ebx, 737FBE56h 0x00000028 xchg eax, esi 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007EFE91287567h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 711730 second address: 711743 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 js 00007EFE90E7CF84h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 711743 second address: 711747 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 712652 second address: 71269F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007EFE90E7CF76h 0x0000000a popad 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push ebx 0x00000012 call 00007EFE90E7CF78h 0x00000017 pop ebx 0x00000018 mov dword ptr [esp+04h], ebx 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc ebx 0x00000025 push ebx 0x00000026 ret 0x00000027 pop ebx 0x00000028 ret 0x00000029 add di, 563Fh 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 or dword ptr [ebp+12469112h], ecx 0x00000038 xchg eax, esi 0x00000039 jo 00007EFE90E7CF88h 0x0000003f push eax 0x00000040 push edx 0x00000041 jp 00007EFE90E7CF76h 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71269F second address: 7126A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7126A3 second address: 7126B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007EFE90E7CF76h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 713685 second address: 713724 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE91287564h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jp 00007EFE9128755Ah 0x00000010 push eax 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pop eax 0x00000014 nop 0x00000015 push 00000000h 0x00000017 push esi 0x00000018 call 00007EFE91287558h 0x0000001d pop esi 0x0000001e mov dword ptr [esp+04h], esi 0x00000022 add dword ptr [esp+04h], 00000017h 0x0000002a inc esi 0x0000002b push esi 0x0000002c ret 0x0000002d pop esi 0x0000002e ret 0x0000002f cmc 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push edi 0x00000035 call 00007EFE91287558h 0x0000003a pop edi 0x0000003b mov dword ptr [esp+04h], edi 0x0000003f add dword ptr [esp+04h], 0000001Bh 0x00000047 inc edi 0x00000048 push edi 0x00000049 ret 0x0000004a pop edi 0x0000004b ret 0x0000004c add dword ptr [ebp+122D39C0h], edx 0x00000052 push 00000000h 0x00000054 mov dword ptr [ebp+122D3961h], edi 0x0000005a sbb edi, 75DB714Fh 0x00000060 xchg eax, esi 0x00000061 je 00007EFE9128757Bh 0x00000067 push eax 0x00000068 push edx 0x00000069 jmp 00007EFE91287569h 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71284C second address: 712851 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 712851 second address: 712858 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7146EB second address: 7146F9 instructions: 0x00000000 rdtsc 0x00000002 jl 00007EFE90E7CF76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71291A second address: 712928 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jno 00007EFE91287556h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7167BF second address: 716818 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push esi 0x0000000c call 00007EFE90E7CF78h 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], esi 0x00000016 add dword ptr [esp+04h], 00000017h 0x0000001e inc esi 0x0000001f push esi 0x00000020 ret 0x00000021 pop esi 0x00000022 ret 0x00000023 jmp 00007EFE90E7CF7Bh 0x00000028 push 00000000h 0x0000002a mov dword ptr [ebp+122D1FADh], edx 0x00000030 push 00000000h 0x00000032 sub bx, A0A0h 0x00000037 xchg eax, esi 0x00000038 jnl 00007EFE90E7CF80h 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 716818 second address: 71681C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71887C second address: 71888C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFE90E7CF7Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71888C second address: 71890C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE91287565h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e movsx edi, dx 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push edx 0x00000016 call 00007EFE91287558h 0x0000001b pop edx 0x0000001c mov dword ptr [esp+04h], edx 0x00000020 add dword ptr [esp+04h], 0000001Dh 0x00000028 inc edx 0x00000029 push edx 0x0000002a ret 0x0000002b pop edx 0x0000002c ret 0x0000002d mov edi, dword ptr [ebp+122D20E9h] 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push eax 0x00000038 call 00007EFE91287558h 0x0000003d pop eax 0x0000003e mov dword ptr [esp+04h], eax 0x00000042 add dword ptr [esp+04h], 0000001Bh 0x0000004a inc eax 0x0000004b push eax 0x0000004c ret 0x0000004d pop eax 0x0000004e ret 0x0000004f movzx edi, di 0x00000052 xchg eax, esi 0x00000053 pushad 0x00000054 jc 00007EFE9128755Ch 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71890C second address: 718921 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edi 0x00000006 pop edi 0x00000007 je 00007EFE90E7CF76h 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 718921 second address: 718925 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7159E2 second address: 7159FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFE90E7CF89h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 719891 second address: 719896 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 719896 second address: 7198A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7198A3 second address: 7198A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 713844 second address: 713848 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 713848 second address: 7138D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp], eax 0x0000000a pushad 0x0000000b push eax 0x0000000c mov eax, dword ptr [ebp+122D20E9h] 0x00000012 pop eax 0x00000013 or dword ptr [ebp+122D397Eh], esi 0x00000019 popad 0x0000001a push dword ptr fs:[00000000h] 0x00000021 jns 00007EFE9128755Ch 0x00000027 mov dword ptr fs:[00000000h], esp 0x0000002e xor ebx, 672942BDh 0x00000034 mov eax, dword ptr [ebp+122D089Dh] 0x0000003a jmp 00007EFE91287564h 0x0000003f push FFFFFFFFh 0x00000041 push 00000000h 0x00000043 push ebx 0x00000044 call 00007EFE91287558h 0x00000049 pop ebx 0x0000004a mov dword ptr [esp+04h], ebx 0x0000004e add dword ptr [esp+04h], 0000001Dh 0x00000056 inc ebx 0x00000057 push ebx 0x00000058 ret 0x00000059 pop ebx 0x0000005a ret 0x0000005b mov di, B7F2h 0x0000005f push eax 0x00000060 push eax 0x00000061 push edx 0x00000062 jc 00007EFE91287558h 0x00000068 pushad 0x00000069 popad 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7138D2 second address: 7138D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71A853 second address: 71A857 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71AA82 second address: 71AA86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71AA86 second address: 71AA8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71AA8A second address: 71AA90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71AA90 second address: 71AA95 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 728C54 second address: 728C5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 728C5A second address: 728C5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 728C5E second address: 728C66 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 728C66 second address: 728C6B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 728DAE second address: 728DB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 728DB2 second address: 728DB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 728DB8 second address: 728DC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 728DC2 second address: 728DC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 728DC8 second address: 728DED instructions: 0x00000000 rdtsc 0x00000002 jnp 00007EFE90E7CF76h 0x00000008 jng 00007EFE90E7CF76h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop ecx 0x00000011 push ebx 0x00000012 jmp 00007EFE90E7CF7Fh 0x00000017 push eax 0x00000018 push edx 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73169D second address: 7316C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007EFE91287563h 0x0000000e jmp 00007EFE9128755Fh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6BEA63 second address: 6BEA69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6BEA69 second address: 6BEA71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6BEA71 second address: 6BEA77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6BEA77 second address: 6BEA7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 734AD2 second address: 734B03 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007EFE90E7CF86h 0x0000000c jmp 00007EFE90E7CF80h 0x00000011 popad 0x00000012 push eax 0x00000013 pushad 0x00000014 jmp 00007EFE90E7CF7Fh 0x00000019 push ebx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 734B03 second address: 734B2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a ja 00007EFE91287566h 0x00000010 mov eax, dword ptr [eax] 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 734B2A second address: 734B4C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E7CF80h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b pop eax 0x0000000c pop ecx 0x0000000d popad 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 734BCF second address: 734BD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 739A66 second address: 739A7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007EFE90E7CF76h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f jng 00007EFE90E7CF76h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 738831 second address: 73884F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE9128755Dh 0x00000009 jmp 00007EFE9128755Bh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73884F second address: 73885D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnl 00007EFE90E7CF76h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 738E83 second address: 738EEC instructions: 0x00000000 rdtsc 0x00000002 jnl 00007EFE91287556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b pushad 0x0000000c jp 00007EFE9128757Ch 0x00000012 jmp 00007EFE91287568h 0x00000017 push esi 0x00000018 jmp 00007EFE91287564h 0x0000001d pop esi 0x0000001e push esi 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73905F second address: 739066 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7391BA second address: 7391BF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 739602 second address: 739624 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 ja 00007EFE90E7CFA6h 0x0000000c jnl 00007EFE90E7CF7Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 jbe 00007EFE90E7CF76h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7397B7 second address: 7397BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7397BB second address: 7397CA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jnc 00007EFE90E7CF76h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7397CA second address: 7397D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6C2191 second address: 6C21A6 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007EFE90E7CF76h 0x00000008 jmp 00007EFE90E7CF7Bh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6C21A6 second address: 6C21B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007EFE91287556h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6C21B2 second address: 6C21B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 742141 second address: 742155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE9128755Fh 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 742155 second address: 74215D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74215D second address: 74219D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE9128755Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007EFE9128755Fh 0x00000013 je 00007EFE91287556h 0x00000019 jmp 00007EFE91287563h 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74219D second address: 7421A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7422FF second address: 742303 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 742303 second address: 742317 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E7CF7Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 742317 second address: 74231B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74231B second address: 742337 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E7CF88h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 742337 second address: 74234D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007EFE9128755Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74289D second address: 7428A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 742B23 second address: 742B27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 742B27 second address: 742B38 instructions: 0x00000000 rdtsc 0x00000002 jno 00007EFE90E7CF76h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 742CB2 second address: 742CD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 jnp 00007EFE91287556h 0x0000000e pop edx 0x0000000f push ebx 0x00000010 push ebx 0x00000011 jc 00007EFE91287556h 0x00000017 pop ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a js 00007EFE91287556h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E74C5 second address: 6E74CB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 743238 second address: 743279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007EFE9128755Ah 0x0000000f pushad 0x00000010 jmp 00007EFE91287566h 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007EFE91287561h 0x0000001c push edx 0x0000001d pop edx 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 749FE1 second address: 749FE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 749FE8 second address: 749FF5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007EFE91287556h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 748A09 second address: 748A26 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007EFE90E7CF88h 0x00000008 jmp 00007EFE90E7CF80h 0x0000000d push edx 0x0000000e pop edx 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74985F second address: 749864 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7499DF second address: 7499F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E7CF7Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 749D49 second address: 749D61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE9128755Bh 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 749D61 second address: 749D67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 749D67 second address: 749D6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 749D6D second address: 749D71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74D62A second address: 74D63A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jp 00007EFE91287556h 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74D63A second address: 74D656 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jmp 00007EFE90E7CF81h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74D656 second address: 74D65D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74D65D second address: 74D662 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708291 second address: 70832F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE9128755Fh 0x00000009 popad 0x0000000a push esi 0x0000000b jmp 00007EFE9128755Ch 0x00000010 pop esi 0x00000011 popad 0x00000012 mov dword ptr [esp], eax 0x00000015 push 00000000h 0x00000017 push ecx 0x00000018 call 00007EFE91287558h 0x0000001d pop ecx 0x0000001e mov dword ptr [esp+04h], ecx 0x00000022 add dword ptr [esp+04h], 0000001Ah 0x0000002a inc ecx 0x0000002b push ecx 0x0000002c ret 0x0000002d pop ecx 0x0000002e ret 0x0000002f add edx, dword ptr [ebp+122D2A53h] 0x00000035 lea eax, dword ptr [ebp+1248E018h] 0x0000003b push 00000000h 0x0000003d push esi 0x0000003e call 00007EFE91287558h 0x00000043 pop esi 0x00000044 mov dword ptr [esp+04h], esi 0x00000048 add dword ptr [esp+04h], 0000001Bh 0x00000050 inc esi 0x00000051 push esi 0x00000052 ret 0x00000053 pop esi 0x00000054 ret 0x00000055 nop 0x00000056 push eax 0x00000057 jmp 00007EFE91287561h 0x0000005c pop eax 0x0000005d push eax 0x0000005e push eax 0x0000005f push edx 0x00000060 jmp 00007EFE91287560h 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70832F second address: 708335 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708335 second address: 6E68C5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 pushad 0x0000000a xor edx, 40982A0Ah 0x00000010 mov dl, 21h 0x00000012 popad 0x00000013 call dword ptr [ebp+122D28AEh] 0x00000019 push edi 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7087BE second address: 7087C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708904 second address: 70890A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70890A second address: 54DADB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E7CF7Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c adc edx, 58D91B08h 0x00000012 push dword ptr [ebp+122D0B69h] 0x00000018 mov dword ptr [ebp+122D24B2h], edx 0x0000001e call dword ptr [ebp+122D263Eh] 0x00000024 pushad 0x00000025 pushad 0x00000026 jmp 00007EFE90E7CF7Bh 0x0000002b pushad 0x0000002c mov edi, dword ptr [ebp+122D2A0Fh] 0x00000032 jnc 00007EFE90E7CF76h 0x00000038 popad 0x00000039 popad 0x0000003a xor eax, eax 0x0000003c pushad 0x0000003d jmp 00007EFE90E7CF7Bh 0x00000042 mov ecx, dword ptr [ebp+122D29F3h] 0x00000048 popad 0x00000049 mov dword ptr [ebp+122D274Fh], ebx 0x0000004f mov edx, dword ptr [esp+28h] 0x00000053 cmc 0x00000054 mov dword ptr [ebp+122D2CE7h], eax 0x0000005a sub dword ptr [ebp+122D274Fh], ecx 0x00000060 pushad 0x00000061 jmp 00007EFE90E7CF7Dh 0x00000066 jno 00007EFE90E7CF7Ch 0x0000006c popad 0x0000006d mov esi, 0000003Ch 0x00000072 xor dword ptr [ebp+122D1CF4h], eax 0x00000078 add esi, dword ptr [esp+24h] 0x0000007c mov dword ptr [ebp+122D1D5Fh], eax 0x00000082 lodsw 0x00000084 mov dword ptr [ebp+122D1D5Fh], edi 0x0000008a add eax, dword ptr [esp+24h] 0x0000008e mov dword ptr [ebp+122D1CF4h], ebx 0x00000094 mov ebx, dword ptr [esp+24h] 0x00000098 mov dword ptr [ebp+122D1CF4h], esi 0x0000009e nop 0x0000009f push esi 0x000000a0 push eax 0x000000a1 push edx 0x000000a2 jns 00007EFE90E7CF76h 0x000000a8 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708D05 second address: 708D0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708D0F second address: 708D13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708D13 second address: 708D17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708D17 second address: 708D24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708D24 second address: 708D28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708E35 second address: 708E85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007EFE90E7CF87h 0x0000000d nop 0x0000000e mov cx, CF80h 0x00000012 push 00000004h 0x00000014 mov edi, dword ptr [ebp+122D2A53h] 0x0000001a call 00007EFE90E7CF88h 0x0000001f pop edx 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 jl 00007EFE90E7CF76h 0x0000002a pop eax 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7091D3 second address: 709234 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 nop 0x00000008 mov edi, dword ptr [ebp+122D59DEh] 0x0000000e jng 00007EFE91287568h 0x00000014 push 0000001Eh 0x00000016 mov edi, dword ptr [ebp+122D2EBFh] 0x0000001c nop 0x0000001d jo 00007EFE9128756Eh 0x00000023 push esi 0x00000024 jmp 00007EFE91287566h 0x00000029 pop esi 0x0000002a push eax 0x0000002b push edi 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007EFE91287560h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70958A second address: 70958E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70958E second address: 709594 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 709594 second address: 6E74C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E7CF7Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b pushad 0x0000000c jmp 00007EFE90E7CF85h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 pop esi 0x00000015 nop 0x00000016 mov edx, dword ptr [ebp+122D2B97h] 0x0000001c call dword ptr [ebp+122D209Fh] 0x00000022 push eax 0x00000023 push edx 0x00000024 jg 00007EFE90E7CF82h 0x0000002a push eax 0x0000002b push edx 0x0000002c jns 00007EFE90E7CF76h 0x00000032 pushad 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74DD0A second address: 74DD0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74DD0E second address: 74DD35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007EFE90E2C7C5h 0x0000000f ja 00007EFE90E2C7B8h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74DD35 second address: 74DD3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74DD3B second address: 74DD3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74E02F second address: 74E03A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74E2D5 second address: 74E2D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 751D30 second address: 751D36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 751D36 second address: 751D48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE90E2C7BDh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 751D48 second address: 751D52 instructions: 0x00000000 rdtsc 0x00000002 js 00007EFE90BCC49Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75504B second address: 755051 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 755051 second address: 75506B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE90BCC4A5h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75506B second address: 755098 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E2C7C3h 0x00000007 pushad 0x00000008 jmp 00007EFE90E2C7BFh 0x0000000d jl 00007EFE90E2C7B6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7549AF second address: 7549BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007EFE90BCC496h 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7549BC second address: 7549C1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7549C1 second address: 7549C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 754B59 second address: 754B5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 754B5F second address: 754B63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 754B63 second address: 754B67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 754CD3 second address: 754D21 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007EFE90BCC49Bh 0x00000008 push esi 0x00000009 pop esi 0x0000000a jc 00007EFE90BCC496h 0x00000010 popad 0x00000011 push esi 0x00000012 jnc 00007EFE90BCC496h 0x00000018 jmp 00007EFE90BCC49Fh 0x0000001d pop esi 0x0000001e pop edx 0x0000001f pop eax 0x00000020 pushad 0x00000021 push edi 0x00000022 jmp 00007EFE90BCC4A8h 0x00000027 pop edi 0x00000028 push esi 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7574EC second address: 7574FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007EFE90E2C7BAh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7570B9 second address: 7570DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90BCC49Ch 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007EFE90BCC4A0h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75C9FE second address: 75CA0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jns 00007EFE90E2C7B6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75CA0A second address: 75CA32 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90BCC4A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007EFE90BCC4A1h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75CBAF second address: 75CBB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 760B01 second address: 760B07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 760B07 second address: 760B0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 760B0B second address: 760B1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 760B1D second address: 760B21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 760B21 second address: 760B25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 760B25 second address: 760B2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 765E0B second address: 765E35 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90BCC4A5h 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007EFE90BCC496h 0x0000000f jmp 00007EFE90BCC49Bh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 765E35 second address: 765E3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 765E3B second address: 765E56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 je 00007EFE90BCC49Eh 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 765F88 second address: 765F94 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jbe 00007EFE90E2C7B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 765F94 second address: 765F9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 709068 second address: 70906D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70906D second address: 70907E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007EFE90BCC49Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 766D73 second address: 766D7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007EFE90E2C7B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 766D7D second address: 766D81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 766D81 second address: 766D91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007EFE90E2C7B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 766D91 second address: 766D95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76DA0A second address: 76DA0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76DA0E second address: 76DA18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76DA18 second address: 76DA1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76DA1C second address: 76DA2B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jno 00007EFE90BCC496h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76DCB5 second address: 76DCD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE90E2C7BBh 0x00000009 popad 0x0000000a jmp 00007EFE90E2C7BAh 0x0000000f js 00007EFE90E2C7BCh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76DCD7 second address: 76DD07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007EFE90BCC4A9h 0x0000000c jmp 00007EFE90BCC4A0h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76E24A second address: 76E268 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E2C7C8h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76E547 second address: 76E566 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007EFE90BCC49Fh 0x00000013 push edi 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76E566 second address: 76E582 instructions: 0x00000000 rdtsc 0x00000002 js 00007EFE90E2C7B6h 0x00000008 jmp 00007EFE90E2C7BAh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jg 00007EFE90E2C7B8h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76EA95 second address: 76EACD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90BCC4A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jns 00007EFE90BCC498h 0x0000000f push ecx 0x00000010 pushad 0x00000011 popad 0x00000012 pop ecx 0x00000013 popad 0x00000014 pushad 0x00000015 push ebx 0x00000016 push edx 0x00000017 pop edx 0x00000018 push edi 0x00000019 pop edi 0x0000001a pop ebx 0x0000001b pushad 0x0000001c je 00007EFE90BCC496h 0x00000022 jnp 00007EFE90BCC496h 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 76EACD second address: 76EAEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jmp 00007EFE90E2C7C9h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77B187 second address: 77B1A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE90BCC4A8h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77B1A4 second address: 77B1B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007EFE90E2C7B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77B1B0 second address: 77B1B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77A6AB second address: 77A6B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007EFE90E2C7C6h 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77A6B9 second address: 77A6BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77A803 second address: 77A807 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77A807 second address: 77A83D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jng 00007EFE90BCC496h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jnc 00007EFE90BCC496h 0x00000013 push edx 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007EFE90BCC4A9h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77A83D second address: 77A841 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77A841 second address: 77A847 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77A847 second address: 77A84F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77A84F second address: 77A853 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77AC3F second address: 77AC44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77AC44 second address: 77AC5C instructions: 0x00000000 rdtsc 0x00000002 je 00007EFE90BCC4A2h 0x00000008 je 00007EFE90BCC496h 0x0000000e jnc 00007EFE90BCC496h 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77AC5C second address: 77AC60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77DC2A second address: 77DC2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 77DC2E second address: 77DC36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 785D15 second address: 785D44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 je 00007EFE90BCC496h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jo 00007EFE90BCC4A6h 0x00000012 push edx 0x00000013 pop edx 0x00000014 jmp 00007EFE90BCC49Eh 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d jnp 00007EFE90BCC496h 0x00000023 push ecx 0x00000024 pop ecx 0x00000025 pop eax 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 78432B second address: 784331 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 784331 second address: 78434E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 pushad 0x00000009 js 00007EFE90BCC49Eh 0x0000000f js 00007EFE90BCC496h 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a pop eax 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 78434E second address: 784388 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E2C7C3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007EFE90E2C7D0h 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7848FA second address: 784904 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007EFE90BCC496h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 784A4E second address: 784A54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 784A54 second address: 784A62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ecx 0x00000006 jc 00007EFE90BCC496h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 784A62 second address: 784A78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jg 00007EFE90E2C7BEh 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 784BF5 second address: 784C1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pushad 0x0000000a jnc 00007EFE90BCC498h 0x00000010 jmp 00007EFE90BCC49Bh 0x00000015 push eax 0x00000016 push edx 0x00000017 jns 00007EFE90BCC496h 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 784C1C second address: 784C39 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E2C7C6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 784C39 second address: 784C58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE90BCC4A7h 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 785B9D second address: 785BA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 783B36 second address: 783B48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007EFE90BCC49Eh 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 783B48 second address: 783B4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 798936 second address: 798957 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007EFE90BCC4A9h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79DAAE second address: 79DAB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79DAB2 second address: 79DACF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90BCC4A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007EFE90BCC498h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79DACF second address: 79DAD4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79DAD4 second address: 79DAE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007EFE90BCC496h 0x0000000a jne 00007EFE90BCC496h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 79DAE9 second address: 79DB03 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E2C7C6h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A1210 second address: 7A122A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90B8E8CCh 0x00000007 jo 00007EFE90B8E8C6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A122A second address: 7A122E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A122E second address: 7A1234 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7A6B0A second address: 7A6B2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90C25162h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007EFE90C2515Bh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B4D7E second address: 7B4D87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B4D87 second address: 7B4D8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B4D8B second address: 7B4D9B instructions: 0x00000000 rdtsc 0x00000002 js 00007EFE90B8E8C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B4EE0 second address: 7B4EE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B4EE4 second address: 7B4F02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE90B8E8D0h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jne 00007EFE90B8E8CCh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B4F02 second address: 7B4F23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 jmp 00007EFE90C25169h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B51FC second address: 7B5227 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b jnc 00007EFE90B8E8DAh 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 push eax 0x00000015 pop eax 0x00000016 pop ebx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B5227 second address: 7B522D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B5680 second address: 7B568A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007EFE90B8E8C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BA057 second address: 7BA06D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007EFE90C2515Eh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BA06D second address: 7BA082 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007EFE90B8E8D0h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BCCD0 second address: 7BCCD7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BC83A second address: 7BC845 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BC845 second address: 7BC852 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BC99C second address: 7BC9A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C680D second address: 7C6817 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C6817 second address: 7C681D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C8050 second address: 7C8056 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CBE32 second address: 7CBE4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 je 00007EFE90B8E8CEh 0x0000000b jo 00007EFE90B8E8C6h 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jo 00007EFE90B8E8C6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E0756 second address: 7E0769 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90C2515Dh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E08FC second address: 7E0917 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007EFE90B8E8D2h 0x0000000b push edx 0x0000000c pop edx 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E943A second address: 7E944C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFE90C2515Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7EAE12 second address: 7EAE1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jng 00007EFE90B8E8C6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7EE726 second address: 7EE740 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE90C25166h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E4083 second address: 7E408C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7039CE second address: 7039D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | Special instruction interceptor: First address: 54DB40 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe | Special instruction interceptor: First address: 6F7573 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe | Special instruction interceptor: First address: 71C69E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe | Special instruction interceptor: First address: 7084A0 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe | Special instruction interceptor: First address: 78CF81 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe | Memory allocated: 4B20000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe | Memory allocated: 4CD0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe | Memory allocated: 6CD0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006D227F rdtsc 0_2_006D227F
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\file.exe TID: 2268 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 922337203685477
Source: file.exe, file.exe, 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\file.exe | System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe | Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe | Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe | Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe | Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe | Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe | Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe | File opened: NTICE
Source: C:\Users\user\Desktop\file.exe | File opened: SICE
Source: C:\Users\user\Desktop\file.exe | File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe | Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe | Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe | Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_006D227F rdtsc 0_2_006D227F
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0054B7DA LdrInitializeThunk,0_2_0054B7DA
Source: C:\Users\user\Desktop\file.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\file.exe | Memory allocated: page read and write | page guard
Source: file.exe, 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: Program Manager
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00723101 GetSystemTime,GetFileTime,0_2_00723101

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\Desktop\file.exe | Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications | Registry value created: DisableNotifications 1
Source: C:\Users\user\Desktop\file.exe | Registry value created: TamperProtection 0
Source: C:\Users\user\Desktop\file.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\Desktop\file.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\Desktop\file.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations
MITRE ATT&CK matrix, listed per tactic (a leading number is the count of matched signatures for that technique; techniques without a number had no match):

Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information, Domain Properties, DNS, Network Trust Dependencies, Network Topology
Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server, Server, Botnet, Web Services, Serverless, Malvertising
Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts, Replication Through Removable Media, External Remote Services, Drive-by Compromise, Exploit Public-Facing Application
Execution: Windows Management Instrumentation, Scheduled Task/Job, At, Cron, Launchd, Scheduled Task, Systemd Timers, Container Orchestration Job, Command and Scripting Interpreter
Persistence: 1 DLL Side-Loading, Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts, Startup Items, Scheduled Task/Job, At
Privilege Escalation: 1 Process Injection, 1 DLL Side-Loading, 2 Bypass User Account Control, Login Hook, Network Logon Script, RC Scripts, Startup Items, Scheduled Task/Job, At
Defense Evasion: 1 Masquerading, 41 Disable or Modify Tools, 261 Virtualization/Sandbox Evasion, 1 Process Injection, 1 Deobfuscate/Decode Files or Information, 3 Obfuscated Files or Information, 11 Software Packing, 1 DLL Side-Loading, 2 Bypass User Account Control
Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS, LSA Secrets, Cached Domain Credentials, DCSync, Proc Filesystem, /etc/passwd and /etc/shadow
Discovery: 1 System Time Discovery, 641 Security Software Discovery, 2 Process Discovery, 261 Virtualization/Sandbox Evasion, 23 System Information Discovery, Wi-Fi Discovery, Remote System Discovery, System Owner/User Discovery, Network Sniffing
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH, VNC, Windows Remote Management, Cloud Services, Direct Cloud VM Connections
Collection: 1 Archive Collected Data, Data from Removable Media, Data from Network Shared Drive, Input Capture, Keylogging, GUI Input Capture, Web Portal Capture, Credential API Hooking, Data Staged
Command and Control: 2 Encrypted Channel, 1 Non-Application Layer Protocol, 1 Application Layer Protocol, Protocol Impersonation, Fallback Channels, Multiband Communication, Commonly Used Port, Application Layer Protocol, Web Protocols
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer, Data Transfer Size Limits, Exfiltration Over C2 Channel, Exfiltration Over Alternative Protocol, Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact, Service Stop, Inhibit System Recovery, Defacement, Internal Defacement
Source | Detection | Scanner | Label | Link
file.exe | 100% | Joe Sandbox ML | |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
ax-0001.ax-msedge.net | 150.171.27.10 | true | false | | high
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high
tse1.mm.bing.net | unknown | unknown | false | | high
No contacted IP infos
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1561630
Start date and time: 2024-11-24 02:13:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 33s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal100.evad.winEXE@1/1@1/0
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, SIHClient.exe, backgroundTaskHost.exe
• Excluded IPs from analysis (whitelisted): 2.16.158.81, 2.16.158.176, 2.16.158.82, 2.16.158.83, 2.16.158.91, 2.16.158.96, 2.16.158.169, 2.16.158.75, 2.16.158.90
• Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, otelrules.azureedge.net, mm-mm.bing.net.trafficmanager.net, ocsp.edge.digicert.com, ctldl.windowsupdate.com, arc.msn.com, www-www.bing.com.trafficmanager.net
• Report size getting too big, too many NtProtectVirtualMemory calls found.
Simulations: none.
Context of contacted IPs: none.

Context of contacted domains: other reports in which the same name resolved to the same address (sample name or URL | verdict | threat name of that report | address, where it differs from the address in the first line).

ax-0001.ax-msedge.net (150.171.27.10 unless noted)
  file.exe | malicious | Amadey, Stealc, Vidar
  file.exe | malicious | Credential Flusher
  17323828261cfef277a3375a886445bf7f5a834ebb1cc85e533e9ac93595cd0e56ebd12426132.dat-decoded.exe | malicious | XWorm
  https://myqrcode.mobi/qr/3c3aa5e1/view | malicious | Unknown
  file.exe | malicious | Credential Flusher
  file.exe | malicious | Stealc
  decode_8dad31e2f9be3de071939da6e14b6f6e8366fd10a6e77ff91ad879dc0abe6334.exe | malicious | PureLog Stealer | 150.171.28.10
  file.exe | malicious | Amadey, Stealc, Vidar | 150.171.28.10
  file.exe | malicious | LummaC Stealer | 150.171.28.10
  file.exe | malicious | Amadey, Stealc, Vidar

fp2e7a.wpc.phicdn.net (192.229.221.95)
  file.exe | malicious | Credential Flusher
  file.exe | malicious | Amadey, Clipboard Hijacker, Credential Flusher, Cryptbot, LummaC Stealer, Stealc
  decode_8dad31e2f9be3de071939da6e14b6f6e8366fd10a6e77ff91ad879dc0abe6334.exe | malicious | PureLog Stealer
  file.exe | malicious | Unknown
  n5QCsKJ0CP.exe | malicious | RedLine
  file.exe | malicious | Stealc
  file.exe | malicious | Amadey, Stealc, Vidar
  file.exe | malicious | Stealc
  https://identitys.fraudguard.es/SSA_Updated_Statement | malicious | ScreenConnect Tool
  SeT_up.exe | malicious | LummaC Stealer

No further context entries (the remaining three context tables are empty).

Read the co-occurrence list with care: ax-msedge.net and phicdn.net are shared Microsoft and Edgecast CDN front ends that every Windows 10 analysis VM resolves on its own, so the same addresses turn up in reports for unrelated families (Amadey, Stealc, Vidar, LummaC, RedLine, XWorm and others above). The overlap says nothing about a relationship between this sample and those families and these addresses should not be used as indicators of compromise.
Dropped file
Process: C:\Users\user\Desktop\file.exe
File type: CSV text
Category: dropped
Size (bytes): 226
Entropy (8bit): 5.360398796477698
Encrypted: false
SSDEEP: 6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5: 3A8957C6382192B71471BD14359D0B12
SHA1: 71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256: 282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512: 76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious: true
Reputation: high, very likely benign file
Preview (three CRLF-terminated lines; the report renders each CRLF as ".."):
  1,"fusion","GAC",0
  1,"WinRT","NotApp",1
  3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0

This is the format of the CLR assembly usage log that the .NET runtime writes when managed code runs in a process (typically under %LOCALAPPDATA%\Microsoft\CLR_v4.0_32\UsageLogs\<process name>.log; the _32 cache path and System.ni.dll match the 32-bit process below). The report flags it malicious because the sample wrote it, while rating the content itself as very likely benign, which is consistent: it is a runtime log, not a payload. Its real value is as evidence. The static headers below show no CLR directory, so the runtime was loaded by code that only exists after unpacking; the most likely reading is that the native packer stub unpacks and runs a .NET assembly, which is the form to expect when dumping the payload from memory.
Static file information
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.461708622667957
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: file.exe
File size: 2'832'384 bytes
MD5: f2742a9288b543dfd082fe555fc135e7
SHA1: 3324370e94527fcf80ef571f9c1819d59b0b2f23
SHA256: dace3504559fca2ba342fa83836e916775514060f4772cdeb263b91906a23d46
SHA512: 8bcd629e3d52f6f89b068169717d060be2a2fad5230d86e5b1844a3c55d8e0830bf331a92d7f6e1e88f2f8b876823f0d9dfcc77f98f6db1ed86fd8daa1c8ad23
SSDEEP: 49152:ltCo8LSoRZulJhS6oBQUbzu2InEB/cPxf:lQLrfulJhS6CQUbzdInDf
TLSH: C1D55CA27909B1CFE48E27B89527CE865D6D03B9572048D7982C747F7E63CC125BBC28
File content preview: MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............+.. ...`....@.. ........................+.......+...`................................
Icon hash: 00928e8e8686b000
Entrypoint: 0x6ba000 (RVA 0x2ba000 from the 0x400000 image base, i.e. the first byte of the .taggant section; no standard code section exists in this file)
Entrypoint section: .taggant
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image file characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE (NX_COMPAT is not listed; DYNAMIC_BASE lets the loader relocate the image, which is why the running process is reported at 0x540000 rather than 0x400000)
Time stamp: 0x652C2850 [Sun Oct 15 17:58:40 2023 UTC]
TLS callbacks: none
CLR (.Net) version: none (no CLR directory in the static headers)
OS version: 4.0
File version: 4.0
Subsystem version: 4.0
Import hash: 2eabe9054cad5152567f0699947a2c5b
Instructions at the entry point (0x6ba000, start of .taggant), as disassembled by the report; runs of identical lines are collapsed with a count:
  jmp 00007EFE90DF50BAh
  movhps xmm5, qword ptr [ebx]
  add byte ptr [eax], al        (x2)
  add cl, ch
  add byte ptr [eax], ah
  add byte ptr [eax], al
  add byte ptr [0000000Ah], al
  add byte ptr [eax], al
  add byte ptr [eax], dh
  add byte ptr [eax], al        (x3)
  add byte ptr [eax+eax], al
  add byte ptr [eax], al        (x7)
  add eax, 0000000Ah
  add byte ptr [eax], al        (x61)
  add byte ptr [ecx], cl
  add byte ptr [eax], 00000000h
  add byte ptr [eax], al        (x2)
  adc byte ptr [eax], al
  add byte ptr [eax], al        (x3)
  add al, 0Ah
  add byte ptr [eax], al        (x3)
Only the first instruction matters: the entry point is a single jmp into the packer stub, and the bytes after it are padding (00 00 decodes as add byte ptr [eax], al) with a few stray data bytes. There is no code to read statically here; the program that actually runs is written into memory by the stub, which is what the cookbook comment about the flood of NtProtectVirtualMemory calls records.
Data directories (name | RVA | size | section):
  IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8055 | 0x69 | .idata
  IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6000 | 0x59c | .rsrc
  IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x81f8 | 0x8 | .idata
  All other directories (EXPORT, EXCEPTION, SECURITY, DEBUG, COPYRIGHT, GLOBALPTR, TLS, LOAD_CONFIG, BOUND_IMPORT, IAT, DELAY_IMPORT, COM_DESCRIPTOR, RESERVED) are empty (RVA 0x0, size 0x0).
A 0x69-byte import directory and an 8-byte relocation block are far too small for a 2.8 MB program and no IAT directory is declared at all. Both belong to the packer stub; the real import table is built at run time, consistent with the GetProcAddress and LoadLibraryEx calls in the execution graph further down.
Sections (name | RVA | virtual size | raw size | MD5 | entropy | file type | characteristics):
  (no name) | 0x2000 | 0x4000 | 0x1200 | 1d22276a1839be1caca29c3578b21adf | 7.797 | data | INITIALIZED_DATA, EXECUTE, READ, WRITE
  .rsrc | 0x6000 | 0x59c | 0x600 | aae15e30898a02f09cc86ed48aa06b09 | 4.037 | data | INITIALIZED_DATA, READ, WRITE
  .idata | 0x8000 | 0x2000 | 0x200 | ec9cb51e8cb4ea49a56ee3cf434fb69e | 0.934 | data | INITIALIZED_DATA, READ, WRITE
  rqwfzwob | 0xa000 | 0x2ae000 | 0x2ad800 | a7b2403c181e78324aedfa3e59cf7cdc | unknown | unknown | INITIALIZED_DATA, EXECUTE, READ, WRITE
  llcfprjm | 0x2b8000 | 0x2000 | 0x400 | 625cef47400a180a7df11cd05234d770 | 6.441 | data | INITIALIZED_DATA, EXECUTE, READ, WRITE
  .taggant | 0x2ba000 | 0x4000 | 0x2200 | 4802df1fc50d4d74c54ea94c84494b8a | 0.768 | DOS executable (COM) | INITIALIZED_DATA, EXECUTE, READ, WRITE
  (Xored PE is false for every section the report could evaluate; ZLIB complexity, in the same order: 0.933, 0.414, 0.148, unknown, 0.853, 0.062.)

What the table says: there is no .text at all. The executable regions are an unnamed 4 KB section with near-maximal entropy, two sections with random eight-letter names (rqwfzwob alone is 0x2ad800 bytes, nearly the whole 2.8 MB file, and the report could not even compute its entropy), and .taggant, which holds the entry point. Every one of them is mapped writable and executable. That is a packer layout, not compiler output: static analysis ends at the stub, and the payload has to be taken from memory after the stub has run.

Resources (name | RVA | size | type):
  RT_VERSION | 0x6090 | 0x30c | data
  RT_MANIFEST | 0x63ac | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM), CRLF line terminators

Imports (DLL | function):
  kernel32.dll | lstrcpy
The static import table names exactly one function. Everything else is resolved at run time (GetProcAddress, LoadLibraryExA/W and lstrcmpiA-based name matching all appear in the execution graph below), which also means the import hash above fingerprints the packer stub, not the payload.
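The section-table reading above can be automated. The script below is an added example and not Joe Sandbox code: it parses a PE section table with nothing but the standard library and applies the same checks (writable and executable sections, high-entropy executable data, empty or random section names, entry point outside any standard code section). To run offline it assembles a small synthetic PE32 whose layout mirrors the report (unnamed RWX section, random-named sections, entry point in .taggant); that file is constructed here and is not the analysed sample, and the section-name allowlists are this example's own assumptions.

```python
"""Static PE section triage (added example; not Joe Sandbox code).

Builds a synthetic PE32 mirroring the report's section layout, parses it back
with struct, and reports the packer indicators a reviewer looks for.
"""
import math
import random
import struct

IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
# Assumed allowlists: names a linker normally emits, and where an entry point belongs.
KNOWN_SECTION_NAMES = {".text", ".data", ".rdata", ".rsrc", ".reloc", ".idata", ".edata",
                       ".pdata", ".bss", ".tls", ".CRT", "CODE", "DATA", "BSS"}
STANDARD_CODE_SECTIONS = {".text", "CODE", ".code"}


def shannon_entropy(data: bytes) -> float:
    """Byte entropy in bits (0..8); packed or encrypted data sits close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Return (AddressOfEntryPoint, [section dicts]) from a raw PE32/PE32+ file."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]  # same offset in PE32 and PE32+
    sections = []
    for i in range(num_sections):
        hdr = opt + opt_size + 40 * i
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, hdr)
        chars = struct.unpack_from("<I", pe, hdr + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "rawsize": rawsize, "chars": chars,
                         "entropy": shannon_entropy(pe[rawptr:rawptr + rawsize])})
    return entry_rva, sections


def triage(pe: bytes):
    """Return (tag, section name) findings; an empty list means nothing packer-like."""
    entry_rva, sections = parse_sections(pe)
    findings, entry_section = [], None
    for s in sections:
        name = s["name"]
        if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["rawsize"]):
            entry_section = name
        executable = bool(s["chars"] & IMAGE_SCN_MEM_EXECUTE)
        if executable and s["chars"] & IMAGE_SCN_MEM_WRITE:
            findings.append(("rwx", name))
        if executable and s["entropy"] > 7.0:
            findings.append(("high-entropy-exec", name))
        if not name:
            findings.append(("empty-name", name))
        elif name not in KNOWN_SECTION_NAMES:
            findings.append(("nonstandard-name", name))
    if entry_section is None:
        findings.append(("entry-outside-sections", ""))
    elif entry_section not in STANDARD_CODE_SECTIONS:
        findings.append(("entry-nonstandard", entry_section))
    return findings


def build_synthetic_pe(layout, entry_rva: int) -> bytes:
    """Assemble a minimal PE32 from (name, rva, data, characteristics) tuples.
    Demo-only bytes with no real code; not meant to be executed."""
    file_align, headers_size = 0x200, 0x400
    section_headers, body, cursor = b"", b"", headers_size
    for name, rva, data, chars in layout:
        rawsize = -(-len(data) // file_align) * file_align
        section_headers += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                                       len(data), rva, rawsize, cursor, 0, 0, 0, 0, chars)
        body += data.ljust(rawsize, b"\0")
        cursor += rawsize
    dos_header = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, 224, 0x0102)
    optional = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(224, b"\0")
    headers = dos_header + b"PE\0\0" + coff + optional + section_headers
    return headers.ljust(headers_size, b"\0") + body


RWX = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
RW = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
_rng = random.Random(0x652C2850)                    # deterministic stand-in for packed bytes
PACKED = bytes(_rng.getrandbits(8) for _ in range(0x1200))
SAMPLE_LAYOUT = [                                   # constructed to mirror the report's table
    ("", 0x2000, PACKED, RWX),                      # unnamed, near-8-bit entropy
    (".rsrc", 0x6000, b"\0" * 0x200 + b"<assembly/>", RW),
    (".idata", 0x8000, b"kernel32.dll\0lstrcpy\0", RW),
    ("rqwfzwob", 0xA000, b"\0" * 0x800, RWX),       # stand-in for the 2.8 MB payload section
    ("llcfprjm", 0x2B8000, PACKED[:0x400], RWX),
    (".taggant", 0x2BA000, b"\xE9" + b"\0" * 0xFF, RWX),  # entry point: a jmp, then padding
]
SAMPLE_ENTRY_RVA = 0x2BA000


def triage_sample():
    """Run the triage on the synthetic image that mirrors the report."""
    return triage(build_synthetic_pe(SAMPLE_LAYOUT, SAMPLE_ENTRY_RVA))


if __name__ == "__main__":
    for tag, name in triage_sample():
        print(f"{tag:<22} {name or '<unnamed>'}")
```

Point `parse_sections` at the bytes of a real file to use it as is; `triage` deliberately ignores the import table, because on a packed sample the static imports describe the stub and the checks that matter are the ones on section rights, names and entropy.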
UDP packets (timestamp | source port | dest port | source IP | dest IP):
  Nov 24, 2024 02:14:08.630716085 CET | 49215 | 53 | 192.168.2.6 | 1.1.1.1

DNS queries (timestamp | source IP | dest IP | transaction ID | opcode | name | type | class | DNS over HTTPS):
  Nov 24, 2024 02:14:08.630716085 CET | 192.168.2.6 | 1.1.1.1 | 0xd8ea | Standard query (0) | tse1.mm.bing.net | A (IP address) | IN (0x0001) | false

DNS answers (timestamp | source IP | dest IP | transaction ID | reply code | name | CNAME or address | type | class | DNS over HTTPS):
  Nov 24, 2024 02:13:56.005748987 CET | 1.1.1.1 | 192.168.2.6 | 0x7eab | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false
  Nov 24, 2024 02:13:56.005748987 CET | 1.1.1.1 | 192.168.2.6 | 0x7eab | No error (0) | fp2e7a.wpc.phicdn.net | 192.229.221.95 | A (IP address) | IN (0x0001) | false
  Nov 24, 2024 02:14:08.974639893 CET | 1.1.1.1 | 192.168.2.6 | 0xd8ea | No error (0) | tse1.mm.bing.net | mm-mm.bing.net.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false
  Nov 24, 2024 02:14:08.974639893 CET | 1.1.1.1 | 192.168.2.6 | 0xd8ea | No error (0) | ax-0001.ax-msedge.net | 150.171.27.10 | A (IP address) | IN (0x0001) | false
  Nov 24, 2024 02:14:08.974639893 CET | 1.1.1.1 | 192.168.2.6 | 0xd8ea | No error (0) | ax-0001.ax-msedge.net | 150.171.28.10 | A (IP address) | IN (0x0001) | false

The whole capture is two DNS exchanges with the VM's resolver and no follow-on connection. Both names are shared infrastructure: tse1.mm.bing.net is a Bing media host that resolves through Azure Traffic Manager (trafficmanager.net) to a Microsoft ax-msedge.net front end, and phicdn.net is an Edgecast CDN domain. The 0x7eab response has no query row and arrives twelve seconds before the 0xd8ea query; only the tail of its CNAME chain survived because the queried name was on the excluded-domains list. The 0xd8ea chain is also shown incomplete (the hop from mm-mm.bing.net.trafficmanager.net to ax-0001.ax-msedge.net is missing, that name being whitelisted too). None of this traffic is tied to file.exe in the tables above, and none of it is a usable indicator; the sample produced no network activity of its own within the analysis window.


Target ID: 0
Start time: 20:13:58
Start date: 23/11/2024
(The VM clock runs in a different time zone from the report header: 23/11/2024 20:13:58 here is consistent with 24/11/2024 02:13:58 CET, 53 seconds after the analysis began.)
Path: C:\Users\user\Desktop\file.exe
Wow64 process (32-bit): true
Command line: "C:\Users\user\Desktop\file.exe"
Imagebase: 0x540000 (the file's preferred base is 0x400000; the loader relocated it because DYNAMIC_BASE is set, and the memory dumps referenced further down are offset from 0x540000 for that reason)
File size: 2'832'384 bytes
MD5 hash: F2742A9288B543DFD082FE555FC135E7
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language (a judgement on the native packer stub, not on whatever it unpacks)
Reputation: low
Has exited: true


          Execution Graph

          Execution Coverage:5.5%
          Dynamic/Decrypted Code Coverage:4.6%
          Signature Coverage:1.2%
          Total number of Nodes:260
          Total number of Limit Nodes:14
          execution_graph 7698 720c76 7705 71efb4 GetCurrentThreadId 7698->7705 7701 720ca0 7703 720cd1 GetModuleHandleExA 7701->7703 7704 720ca8 7701->7704 7703->7704 7706 71efcc 7705->7706 7707 71f013 7706->7707 7708 71f002 Sleep 7706->7708 7707->7701 7709 71f6c6 7707->7709 7708->7706 7710 71f714 7709->7710 7711 71f6d7 7709->7711 7710->7701 7711->7710 7713 71f567 7711->7713 7714 71f594 7713->7714 7715 71f5c2 PathAddExtensionA 7714->7715 7716 71f5dd 7714->7716 7724 71f69a 7714->7724 7715->7716 7721 71f5ff 7716->7721 7725 71f208 7716->7725 7718 71f648 7719 71f671 7718->7719 7720 71f208 lstrcmpiA 7718->7720 7718->7724 7723 71f208 lstrcmpiA 7719->7723 7719->7724 7720->7719 7721->7718 7722 71f208 lstrcmpiA 7721->7722 7721->7724 7722->7718 7723->7724 7724->7711 7726 71f226 7725->7726 7727 71f23d 7726->7727 7729 71f185 7726->7729 7727->7721 7730 71f1b0 7729->7730 7731 71f1e2 lstrcmpiA 7730->7731 7732 71f1f8 7730->7732 7731->7732 7732->7727 7972 6d2308 7973 6d2338 CreateFileA 7972->7973 7974 6d232a 7972->7974 7975 6d234e 7973->7975 7974->7973 7733 4b610f0 7734 4b61131 7733->7734 7737 721d08 7734->7737 7735 4b61151 7738 71efb4 2 API calls 7737->7738 7739 721d14 7738->7739 7740 721d3d 7739->7740 7741 721d2d 7739->7741 7743 721d42 CloseHandle 7740->7743 7745 720df4 7741->7745 7744 721d33 7743->7744 7744->7735 7748 71ee5f 7745->7748 7749 71ee75 7748->7749 7750 71ee8f 7749->7750 7752 71ee43 7749->7752 7750->7744 7755 720dcd CloseHandle 7752->7755 7754 71ee53 7754->7750 7756 720de1 7755->7756 7756->7754 7976 4b61510 7977 4b61558 ControlService 7976->7977 7978 4b6158f 7977->7978 7757 6d1fe5 CreateFileA 7758 6d1fff 7757->7758 7759 72423b 7760 71efb4 2 API calls 7759->7760 7761 724247 7760->7761 7762 7242af MapViewOfFileEx 7761->7762 7763 724260 7761->7763 7762->7763 7979 54ee7d 7980 54ee81 VirtualAlloc 7979->7980 7982 54f203 7980->7982 7983 6d2147 7984 6d215a CreateFileA 7983->7984 7985 6d2156 7983->7985 7986 6d2164 7984->7986 7985->7984 7764 7238fe 7766 723907 7764->7766 7767 
71efb4 2 API calls 7766->7767 7768 723913 7767->7768 7769 723963 ReadFile 7768->7769 7770 72392c 7768->7770 7769->7770 7771 54b7da 7772 54b7df 7771->7772 7773 54b94a LdrInitializeThunk 7772->7773 7987 7240dd 7989 7240e9 7987->7989 7991 724101 7989->7991 7992 72412b 7991->7992 7993 724017 7991->7993 7995 724023 7993->7995 7996 71efb4 2 API calls 7995->7996 7997 724036 7996->7997 7998 724074 7997->7998 7999 7240af 7997->7999 8002 724050 7997->8002 7998->8002 8003 7216ee 7998->8003 8000 7240b4 CreateFileMappingA 7999->8000 8000->8002 8005 721705 8003->8005 8004 721802 8004->8002 8005->8004 8006 72176e CreateFileA 8005->8006 8007 7217b3 8006->8007 8007->8004 8008 720dcd CloseHandle 8007->8008 8008->8004 7774 720b23 7776 720b2f 7774->7776 7777 720b43 7776->7777 7779 720b6b 7777->7779 7780 720b84 7777->7780 7782 720b8d 7780->7782 7783 720b9c 7782->7783 7784 720ba4 7783->7784 7785 71efb4 2 API calls 7783->7785 7786 720c47 GetModuleHandleW 7784->7786 7787 720c55 GetModuleHandleA 7784->7787 7788 720bae 7785->7788 7791 720bdc 7786->7791 7787->7791 7789 720bc9 7788->7789 7790 71f6c6 2 API calls 7788->7790 7789->7784 7789->7791 7790->7789 7792 7208e1 7794 7208ea 7792->7794 7795 7208f9 7794->7795 7796 720901 7795->7796 7798 71efb4 2 API calls 7795->7798 7797 72092e GetProcAddress 7796->7797 7803 720924 7797->7803 7799 72090b 7798->7799 7800 72091b 7799->7800 7801 720929 7799->7801 7804 720342 7800->7804 7801->7797 7805 720361 7804->7805 7809 72042e 7804->7809 7806 72039e lstrcmpiA 7805->7806 7807 7203c8 7805->7807 7805->7809 7806->7805 7806->7807 7807->7809 7810 72028b 7807->7810 7809->7803 7811 72029c 7810->7811 7812 7202cc lstrcpyn 7811->7812 7817 720327 7811->7817 7814 7202e8 7812->7814 7812->7817 7814->7817 7818 71f7d0 7814->7818 7817->7809 7828 720613 7818->7828 7833 72067a 7828->7833 7835 720687 7833->7835 7836 72069d 7835->7836 7837 71efb4 2 API calls 7836->7837 7846 7206a5 7836->7846 7840 7206c7 7837->7840 7838 720772 7866 7204b2 7838->7866 7839 720785 7842 7207a3 
LoadLibraryExA 7839->7842 7843 72078f LoadLibraryExW 7839->7843 7845 71f6c6 2 API calls 7840->7845 7844 720749 7842->7844 7843->7844 7847 7206d8 7845->7847 7846->7838 7846->7839 7847->7846 7848 720706 7847->7848 7850 71fff2 7848->7850 7851 720018 7850->7851 7852 72000e 7850->7852 7870 71f845 7851->7870 7852->7844 7857 720804 3 API calls 7857->7852 7859 720068 7860 720095 7859->7860 7865 7200cd 7859->7865 7880 71fa23 7859->7880 7884 71fcbe 7860->7884 7863 7200a0 7863->7865 7889 71fc35 7863->7889 7865->7852 7865->7857 7867 7204bd 7866->7867 7868 7204de LoadLibraryExA 7867->7868 7869 7204cd 7867->7869 7868->7869 7869->7844 7871 71f861 7870->7871 7873 71f8ba 7870->7873 7872 71f891 VirtualAlloc 7871->7872 7871->7873 7872->7873 7873->7852 7874 71f8eb VirtualAlloc 7873->7874 7875 71f930 7874->7875 7875->7865 7876 71f968 7875->7876 7879 71f990 7876->7879 7877 71fa07 7877->7859 7878 71f9a9 VirtualAlloc 7878->7877 7878->7879 7879->7877 7879->7878 7881 71fa3e 7880->7881 7883 71fa43 7880->7883 7881->7860 7882 71fa76 lstrcmpiA 7882->7881 7882->7883 7883->7881 7883->7882 7885 71fdca 7884->7885 7887 71fceb 7884->7887 7885->7863 7886 71f7d0 16 API calls 7886->7887 7887->7885 7887->7886 7888 7208e1 16 API calls 7887->7888 7888->7887 7891 71fc5e 7889->7891 7890 71fc76 VirtualProtect 7890->7891 7892 71fc9f 7890->7892 7891->7890 7891->7892 7892->7865 8009 6cf21a 8010 6cf290 LoadLibraryA 8009->8010 8011 6cf220 8009->8011 8012 6cf2a1 8010->8012 8011->8010 8013 723584 8015 723590 8013->8015 8016 71efb4 2 API calls 8015->8016 8017 72359c 8016->8017 8019 7235bc 8017->8019 8020 7234db 8017->8020 8022 7234e7 8020->8022 8023 7234fb 8022->8023 8024 71efb4 2 API calls 8023->8024 8025 723513 8024->8025 8033 71f718 8025->8033 8028 72353e 8029 71f6c6 2 API calls 8030 723536 8029->8030 8030->8028 8031 72355a GetFileAttributesW 8030->8031 8032 72356b GetFileAttributesA 8030->8032 8031->8028 8032->8028 8034 71f7cc 8033->8034 8035 71f72c 8033->8035 8034->8028 8034->8029 8035->8034 8036 71f567 2 API 
calls 8035->8036 8036->8035 7913 7237eb 7915 7237f7 7913->7915 7916 71efb4 2 API calls 7915->7916 7917 723803 7916->7917 7918 723823 7917->7918 7920 7236f7 7917->7920 7922 723703 7920->7922 7923 723717 7922->7923 7924 71efb4 2 API calls 7923->7924 7925 72372f 7924->7925 7926 723744 7925->7926 7946 723610 7925->7946 7930 72374c 7926->7930 7938 7236b5 IsBadWritePtr 7926->7938 7932 7237c0 CreateFileA 7930->7932 7933 72379d CreateFileW 7930->7933 7931 71f6c6 2 API calls 7934 72377f 7931->7934 7937 72378d 7932->7937 7933->7937 7934->7930 7935 723787 7934->7935 7940 720f0a 7935->7940 7939 7236d7 7938->7939 7939->7930 7939->7931 7942 720f17 7940->7942 7941 720f50 CreateFileA 7944 720f9c 7941->7944 7942->7941 7943 721012 7942->7943 7943->7937 7944->7943 7945 720dcd CloseHandle 7944->7945 7945->7943 7948 72361f GetWindowsDirectoryA 7946->7948 7949 723649 7948->7949 8037 7207cb 8038 720613 16 API calls 8037->8038 8039 7207de 8038->8039 7950 72306f 7951 71efb4 2 API calls 7950->7951 7952 72307b GetCurrentProcess 7951->7952 7953 7230c7 7952->7953 7955 72308b 7952->7955 7954 7230cc DuplicateHandle 7953->7954 7958 7230c2 7954->7958 7955->7953 7956 7230b6 7955->7956 7959 720e0c 7956->7959 7962 720e36 7959->7962 7960 720ec9 7960->7958 7961 720df4 CloseHandle 7961->7960 7962->7960 7962->7961 7963 7207ec 7966 72062c 7963->7966 7968 720638 7966->7968 7969 72064d 7968->7969 7970 72067a 16 API calls 7969->7970 7971 72066b 7969->7971 7970->7971 8040 4b61308 8041 4b61349 ImpersonateLoggedOnUser 8040->8041 8042 4b61376 8041->8042 8043 4b60d48 8044 4b60d93 OpenSCManagerW 8043->8044 8046 4b60ddc 8044->8046
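The execution graph above is printed as a flat token stream, which makes the interesting part (which function reaches which Windows API) hard to read by eye. The parser below is an added example, not Joe Sandbox code, and its reading of the format is this example's own: "ID ADDR [API ...]" declares a node (a block at that address with the APIs it calls), "N API calls" on a node marks a call into a function that itself calls N APIs, and "A->B" is an edge. The excerpt is copied from the report's graph; applied to the whole string it lists, per entry block, the API footprint of each graphed function.

```python
"""Parser for Joe Sandbox's execution_graph token stream (added example; not Joe Sandbox code)."""
import re
from collections import defaultdict

# Excerpt copied from the report's execution graph above.
GRAPH_EXCERPT = """execution_graph 7698 720c76 7705 71efb4 GetCurrentThreadId 7698->7705
7701 720ca0 7703 720cd1 GetModuleHandleExA 7701->7703 7704 720ca8 7701->7704 7703->7704
7976 4b61510 7977 4b61558 ControlService 7976->7977 7978 4b6158f 7977->7978
8040 4b61308 8041 4b61349 ImpersonateLoggedOnUser 8040->8041 8042 4b61376 8041->8042
8043 4b60d48 8044 4b60d93 OpenSCManagerW 8043->8044 8046 4b60ddc 8044->8046
7889 71fc35 7891 71fc5e 7889->7891 7890 71fc76 VirtualProtect 7890->7891 7892 71fc9f
7890->7892 7891->7890 7891->7892 7738 71efb4 2 API calls 7737->7738"""

NODE_ID = re.compile(r"\d{4}")          # node ids are four decimal digits in this report
ADDR = re.compile(r"[0-9a-f]{5,8}")     # addresses are five to eight lowercase hex digits
EDGE = re.compile(r"(\d{4})->(\d{4})")


def parse_graph(text):
    """Return (nodes, edges): nodes = {id: {addr, apis, indirect}}, edges = [(src, dst)]."""
    tokens = text.split()
    if tokens and tokens[0] == "execution_graph":
        tokens = tokens[1:]
    nodes, edges, current, i = {}, [], None, 0
    while i < len(tokens):
        tok = tokens[i]
        m = EDGE.fullmatch(tok)
        if m:
            edges.append((m.group(1), m.group(2)))
            i += 1
        elif NODE_ID.fullmatch(tok) and i + 1 < len(tokens) and ADDR.fullmatch(tokens[i + 1]):
            current = tok
            nodes[current] = {"addr": int(tokens[i + 1], 16), "apis": [], "indirect": 0}
            i += 2
        elif tok.isdigit() and tokens[i + 1:i + 3] == ["API", "calls"]:
            nodes[current]["indirect"] += int(tok)   # call into a function with N API calls
            i += 3
        else:
            nodes[current]["apis"].append(tok)       # a Windows API called from this block
            i += 1
    return nodes, edges


def function_roots(nodes, edges):
    """Nodes with no incoming edge: the entry blocks of the graphed functions."""
    targets = {dst for _, dst in edges}
    return sorted(n for n in nodes if n not in targets)


def reachable_apis(nodes, edges, start):
    """APIs reachable from a node by following edges: the function's API footprint."""
    succ = defaultdict(list)
    for src, dst in edges:
        succ[src].append(dst)
    seen, stack, apis = set(), [start], set()
    while stack:
        n = stack.pop()
        if n in seen:
            continue
        seen.add(n)
        if n in nodes:
            apis.update(nodes[n]["apis"])
        stack.extend(succ[n])
    return apis


def api_footprint(text):
    """{entry address (hex): sorted APIs reachable from it} for every graphed function."""
    nodes, edges = parse_graph(text)
    return {f"{nodes[r]['addr']:x}": sorted(reachable_apis(nodes, edges, r))
            for r in function_roots(nodes, edges)}


if __name__ == "__main__":
    for addr, apis in api_footprint(GRAPH_EXCERPT).items():
        print(addr, ", ".join(apis) or "-")
```

Run over the full graph, the footprint makes the stub's job visible at a glance: one cluster of entry blocks in the 0x71f000 to 0x724000 range reaches VirtualAlloc, VirtualProtect, LoadLibraryExA/W, GetProcAddress and lstrcmpiA (a loader resolving imports by name), while the blocks at 0x4b60000 and up, in memory the report lists as dynamic code, reach OpenSCManagerW, ControlService and ImpersonateLoggedOnUser.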

          Control-flow Graph
          Function at 0x6d227f, printed as the report's node list: "ID start-end" is a basic block with its address range, followed by the API it calls or "call <target>" for an internal call, and "A->B" is an edge. The executed versus not-executed colouring of the original graph does not survive as text.
          control_flow_graph 85 6d227f-6d2280 86 6d228c-6d22a1 85->86 87 6d2286 85->87 88 6d22ad 86->88 89 6d22a7-6d22ac 86->89 87->86 90 6d22b5-6d2324 88->90 91 6d22b3-6d22b4 88->91 89->88 96 6d2338-6d2348 CreateFileA 90->96 97 6d232a-6d2337 90->97 91->90 99 6d234e-6d2361 call 6d2363 96->99 100 6d2398-6d239b 96->100 97->96 99->100 102 6d23a7-6d2413 100->102 103 6d23a1 100->103 109 6d2419 102->109 110 6d2424-6d242b 102->110 103->102 109->110 111 6d2437-6d2479 110->111 112 6d2431 110->112 117 6d247f 111->117 112->111 117->117
          APIs
          • CreateFileA.KERNELBASE(-006A5F13,006D227B,00000003), ref: 006D2341
          Strings: none
          Memory Dump Source
          • Source File: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: the other memory dump segments of the same module image, from 0x540000 through 0x7FA000 (46 further .sdmp files, each downloadable from the report)
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: CreateFile
          • String ID: C
          • API String ID: 823142352-1037565863
          • Opcode ID: 5b8f9e51d1ac1940cec41a98a72d1f5ae77a63fa3cfb9a91bdc3a798cc3be9eb
          • Instruction ID: 57b45e2011d3ddb433004942b1ab982e92f2c96082307ae7692aedd1ac8b465f
          • Opcode Fuzzy Hash: 5b8f9e51d1ac1940cec41a98a72d1f5ae77a63fa3cfb9a91bdc3a798cc3be9eb
          • Instruction Fuzzy Hash: 7931F7FB5481167EB605CE46AF20DFF77AEE5E2730731842BF842C6A06D3690E4A6135
          Strings: none
          Memory Dump Source
          • Source File: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: the other memory dump segments of the same module image, from 0x540000 through 0x7E3000 as far as this page goes (the list continues past the end of the page)
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID:
          • String ID: !!iH
          • API String ID: 0-3430752988
          • Opcode ID: dc08613623d91fc8370f4477e4bbfae82fdd701747993c59052cc6cfcdd54403
          • Instruction ID: c18f536b9e5cdf6cb9e555ec1018ee839b99a3b39f1aaf50f50a1803f6e3c67e
          • Opcode Fuzzy Hash: dc08613623d91fc8370f4477e4bbfae82fdd701747993c59052cc6cfcdd54403
          • Instruction Fuzzy Hash: EEE0863110848ACEFB16DF7489057D93E19FB80708F500A15BA414AE45CB2D8D128755

          Control-flow Graph

          APIs
          • LoadLibraryExW.KERNEL32(?,?,?), ref: 00720798
          • LoadLibraryExA.KERNELBASE(00000000,?,?), ref: 007207AC
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: LibraryLoad
          • String ID: .dll$.exe$1002
          • API String ID: 1029625771-847511843
          • Opcode ID: e85813d98a00621096adddc62080fe156be64e1766c77fd63244fbd407e74bf9
          • Instruction ID: 98c4a83e24900c0bd7a1299c88840b89900884c5e42aa38433f9540b6ffa6952
          • Opcode Fuzzy Hash: e85813d98a00621096adddc62080fe156be64e1766c77fd63244fbd407e74bf9
          • Instruction Fuzzy Hash: D6317C35404269FFCF21AF54E908AAD7B75FF18340F108125F906662A3C779AAA1DFE1

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 37 720b8d-720b9e call 7204f1 40 720ba4 37->40 41 720ba9-720bb2 call 71efb4 37->41 42 720c3d-720c41 40->42 48 720be6-720bed 41->48 49 720bb8-720bc4 call 71f6c6 41->49 44 720c47-720c50 GetModuleHandleW 42->44 45 720c55-720c58 GetModuleHandleA 42->45 47 720c5e 44->47 45->47 51 720c68-720c6a 47->51 52 720bf3-720bfa 48->52 53 720c38 call 71f05f 48->53 55 720bc9-720bcb 49->55 52->53 56 720c00-720c07 52->56 53->42 55->53 57 720bd1-720bd6 55->57 56->53 58 720c0d-720c14 56->58 57->53 59 720bdc-720c63 call 71f05f 57->59 58->53 60 720c1a-720c2e 58->60 59->51 60->53
          APIs
          • GetModuleHandleW.KERNEL32(?,?,?,?,00720B1F,?,00000000,00000000), ref: 00720C4A
          • GetModuleHandleA.KERNEL32(00000000,?,?,?,00720B1F,?,00000000,00000000), ref: 00720C58
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: HandleModule
          • String ID: .dll
          • API String ID: 4139908857-2738580789
          • Opcode ID: fecafc817f87af5111872c45cd4a6d9034703b5fa9f6306e835ed2f60e8b5598
          • Instruction ID: 1528dba8d85ede04456d94f99b9727c177b4d8640d0e65f8102d9e3f75c8f798
          • Opcode Fuzzy Hash: fecafc817f87af5111872c45cd4a6d9034703b5fa9f6306e835ed2f60e8b5598
          • Instruction Fuzzy Hash: 55113AB010972AEEEB309F24E90C7D87670EB41345F104325E442588E2C7BD99D5CAF1

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 64 7234e7-7234f5 65 723507 64->65 66 7234fb-723502 64->66 67 72350e-723524 call 71efb4 call 71f718 65->67 66->67 72 723543 67->72 73 72352a-723538 call 71f6c6 67->73 75 723547-72354a 72->75 78 72353e 73->78 79 72354f-723554 73->79 77 72357a-723581 call 71f05f 75->77 78->75 81 72355a-723566 GetFileAttributesW 79->81 82 72356b-72356e GetFileAttributesA 79->82 84 723574-723575 81->84 82->84 84->77
          APIs
          • GetFileAttributesW.KERNELBASE(00C9125C,-11D85FEC), ref: 00723560
          • GetFileAttributesA.KERNEL32(00000000,-11D85FEC), ref: 0072356E
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: AttributesFile
          • String ID: @
          • API String ID: 3188754299-2726393805
          • Opcode ID: 46e664ab421e20ddc91fa7b5e85f9c8d182fe822423f987b2f18c0f85d36acfc
          • Instruction ID: 5230ac0fd3dcb6600b5b51879d25eab7e3fcd004ce3de959fc09b5a46e5b7ae2
          • Opcode Fuzzy Hash: 46e664ab421e20ddc91fa7b5e85f9c8d182fe822423f987b2f18c0f85d36acfc
          • Instruction Fuzzy Hash: F6016970904A14FAEF219F3AE8097ACBE70EF40345F208024E50A690E1D7BD9BE1EB40

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 118 6d1f82-6d1f83 119 6d1f85-6d1fa2 call 6d1fa5 118->119 120 6d1fe6-6d1ff9 CreateFileA 118->120 122 6d1fff-6d200e call 6d2011 120->122 123 6d2398-6d239b 120->123 124 6d23a7-6d2413 123->124 125 6d23a1 123->125 133 6d2419 124->133 134 6d2424-6d242b 124->134 125->124 133->134 135 6d2437-6d2479 134->135 136 6d2431 134->136 141 6d247f 135->141 136->135 141->141
          APIs
          • CreateFileA.KERNELBASE(00000000), ref: 006D1FF0
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: CreateFile
          • String ID: C
          • API String ID: 823142352-1037565863
          • Opcode ID: d8da0f36fbfde2886326d0170fc4e0be20778c025f3366711ed7a861ff929119
          • Instruction ID: 5c4d67764b6ae066415770cd730a073e799907a4bf86270f265b0de4d2439386
          • Opcode Fuzzy Hash: d8da0f36fbfde2886326d0170fc4e0be20778c025f3366711ed7a861ff929119
          • Instruction Fuzzy Hash: 61213CB290820AAEE710CF00D961AFF77EEDBA6331F21451BF841C6B51D36A0D15A229

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 142 71f567-71f597 144 71f6c2-71f6c3 142->144 145 71f59d-71f5b2 142->145 145->144 147 71f5b8-71f5bc 145->147 148 71f5c2-71f5d4 PathAddExtensionA 147->148 149 71f5de-71f5e5 147->149 152 71f5dd 148->152 150 71f607-71f60e 149->150 151 71f5eb-71f5fa call 71f208 149->151 154 71f650-71f657 150->154 155 71f614-71f61b 150->155 156 71f5ff-71f601 151->156 152->149 159 71f679-71f680 154->159 160 71f65d-71f673 call 71f208 154->160 157 71f621-71f62a 155->157 158 71f634-71f643 call 71f208 155->158 156->144 156->150 157->158 164 71f630 157->164 169 71f648-71f64a 158->169 162 71f6a2-71f6a9 159->162 163 71f686-71f69c call 71f208 159->163 160->144 160->159 162->144 168 71f6af-71f6bc call 71f241 162->168 163->144 163->162 164->158 168->144 169->144 169->154
          APIs
          • PathAddExtensionA.KERNELBASE(?,00000000), ref: 0071F5C9
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: ExtensionPath
          • String ID: \\?\
          • API String ID: 158807944-4282027825
          • Opcode ID: 96623bb340c173ba9080a49e1b787d24a0b24b8218ebe3ea372e0fc008417b7d
          • Instruction ID: e8d5d6a9822664221ae7c15cfc8975068d8e8e8d1af774e71114b8b551644c12
          • Opcode Fuzzy Hash: 96623bb340c173ba9080a49e1b787d24a0b24b8218ebe3ea372e0fc008417b7d
          • Instruction Fuzzy Hash: 3431F936A0020ABFDF21DF98D919BDEB776FF44344F000165F941A50B0D7BA9AA1DB50

          Control-flow Graph

          APIs
            • Part of subcall function 0071EFB4: GetCurrentThreadId.KERNEL32 ref: 0071EFC3
            • Part of subcall function 0071EFB4: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 0071F006
          • GetModuleHandleExA.KERNELBASE(?,?,?), ref: 00720CDA
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: CurrentHandleModuleSleepThread
          • String ID: .dll
          • API String ID: 683542999-2738580789
          • Opcode ID: a4a817df5f874c06e310d7764343dfe2c0b148547484372ddf71f6225f91a7f5
          • Instruction ID: b6ac425751d0c1f777a5c5e37a514951f87e5b73a0f17f24526ec96e22c91c3d
          • Opcode Fuzzy Hash: a4a817df5f874c06e310d7764343dfe2c0b148547484372ddf71f6225f91a7f5
          • Instruction Fuzzy Hash: 09F06DB1100205EFDF109F58D989ADD7BA4FF14300F108225FE05491A7C379D9D1AAB1

          Control-flow Graph

          APIs
          • CreateFileW.KERNELBASE(00C9125C,?,?,-11D85FEC,?,?,?,-11D85FEC,?), ref: 007237B5
            • Part of subcall function 007236B5: IsBadWritePtr.KERNEL32(?,00000004), ref: 007236C3
          • CreateFileA.KERNEL32(?,?,?,-11D85FEC,?,?,?,-11D85FEC,?), ref: 007237D5
          Memory Dump Source
          • Source File: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: CreateFile$Write
          • String ID:
          • API String ID: 1125675974-0
          • Opcode ID: 38c0449684f65f2aaf50255a7bb2a667b238cb2b48b571b4bfaa56976576f52e
          • Instruction ID: 5b3eefa2af452d0564dd95d7569820d8b9f2f846671ee6b6aef9521d233e876e
          • Opcode Fuzzy Hash: 38c0449684f65f2aaf50255a7bb2a667b238cb2b48b571b4bfaa56976576f52e
          • Instruction Fuzzy Hash: 0C1126B200415AFBDF229FA4ED89BAD3A32FF04344F108115F905242B1C77ECAA1EB81

          Control-flow Graph

          APIs
            • Part of subcall function 0071EFB4: GetCurrentThreadId.KERNEL32 ref: 0071EFC3
            • Part of subcall function 0071EFB4: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 0071F006
          • GetCurrentProcess.KERNEL32(-11D85FEC), ref: 0072307C
          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 007230E2
          Memory Dump Source
          • Source File: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: Current$DuplicateHandleProcessSleepThread
          • String ID:
          • API String ID: 2846201637-0
          • Opcode ID: 93508ed042c822ccb5c76c3a0427e4236097a9ee039a245c3a3b831372ad9fad
          • Instruction ID: a65128381992823a1e0bdb506bd43ec27a31b4c87ed14cd7b5ce651145a0b4e3
          • Opcode Fuzzy Hash: 93508ed042c822ccb5c76c3a0427e4236097a9ee039a245c3a3b831372ad9fad
          • Instruction Fuzzy Hash: C701FB3210014AFA8F22AFA4EC09CDE3B76FF98750B004515F905950A5C77DE6A2EB71

          Control-flow Graph

          APIs
          • GetCurrentThreadId.KERNEL32 ref: 0071EFC3
          • Sleep.KERNELBASE(00000005,00050000,00000000), ref: 0071F006
          Memory Dump Source
          • Source File: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: CurrentSleepThread
          • String ID:
          • API String ID: 1164918020-0
          • Opcode ID: 9abcbecb61aedfa7821a7878f27f3a4a78a874f260c44d8c3321dc49474ca06d
          • Instruction ID: ff6085e5632540e71d8c4b00ae9088f0d00c67481dfae9539b00662d014cc064
          • Opcode Fuzzy Hash: 9abcbecb61aedfa7821a7878f27f3a4a78a874f260c44d8c3321dc49474ca06d
          • Instruction Fuzzy Hash: 91F0BE31200609EBDB228F58D849BAEB7B4FF8430AF200179E50299581D7B85EC6DA91

          Control-flow Graph (executed/not-executed colouring is not recoverable from the extracted text): basic blocks 6cf21a-6cf3f6; LoadLibraryA is called from block 6cf290-6cf292, which is reached from both 6cf21a-6cf21e and 6cf220-6cf28a.
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: LibraryLoad
          • String ID:
          • API String ID: 1029625771-0
          • Opcode ID: d5563dc2ffde051ebbf59910faa0737e093de163b78e915301d638a70541ede4
          • Instruction ID: 45b1912b59c0bdcbd78ef02825c73046abad6149225ee4f35baa89277a4018fb
          • Opcode Fuzzy Hash: d5563dc2ffde051ebbf59910faa0737e093de163b78e915301d638a70541ede4
          • Instruction Fuzzy Hash: 244129F250C610AFE715AF58D88277EF7E5EF88711F16482DE6D483600E6355840CB97

          Control-flow Graph (executed/not-executed colouring is not recoverable from the extracted text): basic blocks 7216ee-721827; CreateFileA is called from block 72176e-7217ad; internal calls to 71f092, 71f0b7, 720ed0, 720d5f, 71edd4 and 720dcd.
          APIs
          • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000,00000010), ref: 007217A3
          Memory Dump Source
          • Source File: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: the remaining dumps of the module at 00540000, as listed in the earlier 00540000 entries
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: CreateFile
          • String ID:
          • API String ID: 823142352-0
          • Opcode ID: 5fdcd01e45c0138eb40e5407cb64e2e465570bfce9c4c1fcb74d4174bcb4abb1
          • Instruction ID: 62e41a2d23dd654f6f221fce33cf8eb2ed32c25738b3cb2faa7934460f5884a8
          • Opcode Fuzzy Hash: 5fdcd01e45c0138eb40e5407cb64e2e465570bfce9c4c1fcb74d4174bcb4abb1
          • Instruction Fuzzy Hash: A5318471A00208FBDB209F64EC89F9DBBB8FF54724F208165F515AA1D1C7799951CB50

          Control-flow Graph (executed/not-executed colouring is not recoverable from the extracted text): basic blocks 720f0a-72102a; CreateFileA is called from block 720f50-720f96; internal calls to 71f092, 720ed0, 720d5f, 71edd4 and 720dcd.
          APIs
          • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000), ref: 00720F8C
          Memory Dump Source
          • Source File: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: the remaining dumps of the module at 00540000, as listed in the earlier 00540000 entries
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: CreateFile
          • String ID:
          • API String ID: 823142352-0
          • Opcode ID: 8d93b3e4475a42cded522e4ef7576f2822e7569d73ce5d6d3f5972c36b3f8572
          • Instruction ID: 0e85c2852c3fac3a992998a68d68ca973cb79374c8356550146a5536c39c64f9
          • Opcode Fuzzy Hash: 8d93b3e4475a42cded522e4ef7576f2822e7569d73ce5d6d3f5972c36b3f8572
          • Instruction Fuzzy Hash: 2131A571A40204FAEB309F64EC49F9D77B8FB04724F208265F615AE1D2D3B9A591CB50

          Control-flow Graph (executed/not-executed colouring is not recoverable from the extracted text): basic blocks 4b60d42-4b60df7; OpenSCManagerW is called from block 4b60dab-4b60dda.
          APIs
          • OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 04B60DCD
          Memory Dump Source
          • Source File: 00000000.00000002.2297142038.0000000004B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
          Similarity
          • API ID: ManagerOpen
          • String ID:
          • API String ID: 1889721586-0
          • Opcode ID: 66d86526f296f055e92c6dfa9ecf93c4cf5b795e62d866669f5a9197472cd200
          • Instruction ID: bd2c9649db404f5889c359bf5840ceca5cfbfd1cb839833c62bc0e78cc452d4e
          • Opcode Fuzzy Hash: 66d86526f296f055e92c6dfa9ecf93c4cf5b795e62d866669f5a9197472cd200
          • Instruction Fuzzy Hash: D12168B2C00208DFCB00CF9AD485ADEFBF0EF88710F10825AD908AB204D738A941CBA4

          Control-flow Graph (executed/not-executed colouring is not recoverable from the extracted text): basic blocks 4b60d48-4b60df7; OpenSCManagerW is called from block 4b60dab-4b60dda.
          APIs
          • OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 04B60DCD
          Memory Dump Source
          • Source File: 00000000.00000002.2297142038.0000000004B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
          Similarity
          • API ID: ManagerOpen
          • String ID:
          • API String ID: 1889721586-0
          • Opcode ID: 73cd57f969db62fcbc61a163acf7b0628603f43a91a05239c586d959374c38cf
          • Instruction ID: 38da70224cfc63b648e2d2b7cc9935b88585b617d586ef8707586f8aee10e9fd
          • Opcode Fuzzy Hash: 73cd57f969db62fcbc61a163acf7b0628603f43a91a05239c586d959374c38cf
          • Instruction Fuzzy Hash: 9A2135B6C00209DFCB50DF9AD884ADEFBF4EF88710F14825AD909AB204D734A540CBA4
          APIs
          • ControlService.ADVAPI32(?,?,?), ref: 04B61580
          Memory Dump Source
          • Source File: 00000000.00000002.2297142038.0000000004B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
          Similarity
          • API ID: ControlService
          • String ID:
          • API String ID: 253159669-0
          • Opcode ID: 0eece36b51c81bdf850abe8c1f4e37387974d1ac4e62d3af8e5a95cd4c39aa04
          • Instruction ID: ed9dfc0b518871ddd6ad40bec5369ca1939f154419680bb085951b1eafd663c4
          • Opcode Fuzzy Hash: 0eece36b51c81bdf850abe8c1f4e37387974d1ac4e62d3af8e5a95cd4c39aa04
          • Instruction Fuzzy Hash: 732114B1900349DFDB10CFAAD584BDEFBF4EB48320F108429E559A7240D778AA45CFA5
          APIs
          • ControlService.ADVAPI32(?,?,?), ref: 04B61580
          Memory Dump Source
          • Source File: 00000000.00000002.2297142038.0000000004B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
          Similarity
          • API ID: ControlService
          • String ID:
          • API String ID: 253159669-0
          • Opcode ID: 4d05920d0dee671fd4ec8fdeebdc36bd75714da20b2597cb120b3e537591a0cd
          • Instruction ID: b669689818f462792f53299c7093f204073d02981558444c807873e5b571c8d7
          • Opcode Fuzzy Hash: 4d05920d0dee671fd4ec8fdeebdc36bd75714da20b2597cb120b3e537591a0cd
          • Instruction Fuzzy Hash: D611E4B1900749DFDB10CF9AC584BDEFBF4EB48360F108429E559A7250D778A644CFA5
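          The "APIs" lines in these function entries print every argument as raw hexadecimal, print "?" where the snapshot could not resolve a value, and keep printing stack slots past the real parameter count (the first CreateFileA line shows ten values for a seven-parameter API; the Sleep subcall shows three for a one-parameter API). Reading them means decoding Win32 constants by hand. The Python below is an added example and is not part of the Joe Sandbox report or its IDA plugin: it parses the API lines quoted from the CreateFileA, OpenSCManagerW and ControlService entries above and from the MapViewOfFileEx entry that follows, trims each call to its documented arity, and names the arguments. The arity table and the constant values come from the Win32 documentation; treating "-11D85FEC" as a signed 32-bit print of an unsigned value is an assumption about the plugin's output format.

```python
"""Decode the 'APIs' lines of a Joe Sandbox function entry into named Win32 arguments."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: API lines copied from the function entries in this report section.
SAMPLE_API_LINES = [
    "CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000,00000010), ref: 007217A3",
    "CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000), ref: 00720F8C",
    "OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 04B60DCD",
    "ControlService.ADVAPI32(?,?,?), ref: 04B61580",
    "MapViewOfFileEx.KERNELBASE(?,?,?,?,?,?,-11D85FEC), ref: 007242C2",
    "Sleep.KERNELBASE(00000005,00050000,00000000), ref: 0071F006",
]

API_LINE = re.compile(
    r"^(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)

# Documented parameter counts; the plugin prints extra stack slots past the real arguments.
ARITY = {"CreateFileA": 7, "OpenSCManagerW": 3, "ControlService": 3,
         "MapViewOfFileEx": 6, "Sleep": 1}

GENERIC_ACCESS = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
                  0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
SHARE_MODE = {0x1: "FILE_SHARE_READ", 0x2: "FILE_SHARE_WRITE", 0x4: "FILE_SHARE_DELETE"}
CREATION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
            4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
SERVICE_CONTROL = {1: "SERVICE_CONTROL_STOP", 2: "SERVICE_CONTROL_PAUSE",
                   3: "SERVICE_CONTROL_CONTINUE", 4: "SERVICE_CONTROL_INTERROGATE"}


@dataclass
class ApiCall:
    api: str
    module: str
    raw_args: list   # every value the plugin printed, None for "?"
    args: list       # trimmed to the documented arity
    ref: int         # address of the call instruction


def parse_arg(token: str) -> Optional[int]:
    token = token.strip()
    if token == "?":
        return None  # not recoverable from the snapshot
    # Assumption: a leading '-' is the plugin printing a 32-bit value as signed.
    return int(token, 16) & 0xFFFFFFFF


def parse_api_line(line: str) -> ApiCall:
    m = API_LINE.match(line.strip())
    if not m:
        raise ValueError(f"not an API line: {line!r}")
    raw = [parse_arg(t) for t in m["args"].split(",")] if m["args"] else []
    n = ARITY.get(m["api"], len(raw))  # unknown APIs keep everything printed
    return ApiCall(m["api"], m["module"], raw, raw[:n], int(m["ref"], 16))


def parse_api_lines(lines):
    return [parse_api_line(line) for line in lines]


def fmt_flags(value, table):
    """Render a bitmask with the names in table; unknown bits are kept as hex."""
    if value is None:
        return "?"
    names = [name for bit, name in table.items() if value & bit]
    leftover = value
    for bit in table:
        leftover &= ~bit
    if leftover:
        names.append(hex(leftover))
    return "|".join(names) or "0"


def fmt_enum(value, table):
    return "?" if value is None else table.get(value, hex(value))


def fmt_ptr(value):
    return "?" if value is None else ("NULL" if value == 0 else hex(value))


def fmt_val(value):
    return "?" if value is None else hex(value)


def decode(call: ApiCall) -> dict:
    """Name the parameters of the APIs seen in this report; others get positional names."""
    a = call.args
    if call.api == "CreateFileA":
        return {"lpFileName": fmt_ptr(a[0]),
                "dwDesiredAccess": fmt_flags(a[1], GENERIC_ACCESS),
                "dwShareMode": fmt_flags(a[2], SHARE_MODE),
                "lpSecurityAttributes": fmt_ptr(a[3]),
                "dwCreationDisposition": fmt_enum(a[4], CREATION),
                "dwFlagsAndAttributes": fmt_val(a[5]),
                "hTemplateFile": fmt_ptr(a[6])}
    if call.api == "OpenSCManagerW":
        return {"lpMachineName": "NULL (local machine)" if a[0] == 0 else fmt_ptr(a[0]),
                "lpDatabaseName": "NULL (SERVICES_ACTIVE_DATABASE)" if a[1] == 0 else fmt_ptr(a[1]),
                "dwDesiredAccess": fmt_val(a[2])}
    if call.api == "ControlService":
        return {"hService": fmt_ptr(a[0]),
                "dwControl": fmt_enum(a[1], SERVICE_CONTROL),
                "lpServiceStatus": fmt_ptr(a[2])}
    if call.api == "Sleep":
        return {"dwMilliseconds": fmt_val(a[0])}
    return {f"arg{i}": fmt_val(v) for i, v in enumerate(a)}


if __name__ == "__main__":
    for call in parse_api_lines(SAMPLE_API_LINES):
        print(f"{call.api}.{call.module} @ {call.ref:08X}: {decode(call)}")
```

          Run against the lines quoted here, both CreateFileA calls decode to an OPEN_EXISTING open with GENERIC_READ and FILE_SHARE_READ, no security attributes and no template handle; the file name itself is unresolved, so the report does not say which file is read. OpenSCManagerW connects to the local machine's active services database with an unresolved access mask, and every ControlService argument is unresolved, so the control code sent (stop, pause, continue or interrogate) cannot be taken from this report alone; the decoder reports "?" for those rather than guessing.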
          APIs
            • Part of subcall function 0071EFB4: GetCurrentThreadId.KERNEL32 ref: 0071EFC3
            • Part of subcall function 0071EFB4: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 0071F006
          • MapViewOfFileEx.KERNELBASE(?,?,?,?,?,?,-11D85FEC), ref: 007242C2
          Memory Dump Source
          • Source File: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: the remaining dumps of the module at 00540000, as listed in the earlier 00540000 entries
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: CurrentFileSleepThreadView
          • String ID:
          • API String ID: 2270672837-0
          • Opcode ID: 97efedd86cb84c713b9ad82fc97fd485c19d6d63b43ddd73e94ec305abdd71d4
          • Instruction ID: 219eda0d907c807d95006d3be7bba7a3eeb968d5deeb6a3937f02c3d5afd7454
          • Opcode Fuzzy Hash: 97efedd86cb84c713b9ad82fc97fd485c19d6d63b43ddd73e94ec305abdd71d4
          • Instruction Fuzzy Hash: 6711F73210015AEACF12AFA5EC09CDE3FB6FF59340B004421FA1155472C73AC4B2EB61
          Memory Dump Source
          • Source File: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: CurrentSleepThread
          • String ID:
          • API String ID: 1164918020-0
          • Opcode ID: 81c7dccbe065b0f428f8e2c9c05fbb7568a895d3335c77b8c89db18f60be4160
          • Instruction ID: 00610ab2de39247649add9bb1d7eb958315776d95e124678c3b435f0019db896
          • Opcode Fuzzy Hash: 81c7dccbe065b0f428f8e2c9c05fbb7568a895d3335c77b8c89db18f60be4160
          • Instruction Fuzzy Hash: 51115E3210011AEBDF229FA8E90DA9F3B75FF44340F104054FA11550A2C77ECAA6EB50
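The "Source File" and "Associated" entries above are Joe Sandbox memory-dump identifiers, and the hex fields after the base address line up with Win32 memory attributes: 00000040 and 00000080 are PAGE_EXECUTE_READWRITE and PAGE_EXECUTE_WRITECOPY, 01000000 is MEM_IMAGE (the dumps marked "based on PE: true") and 00020000 is MEM_PRIVATE (the 04B60000 dump, "based on PE: false"). The following parser is an added example, not part of the Joe Sandbox report or its tooling; the field order (process, stage, dump id, base, protection, unknown, region type, unknown) is an assumption inferred from those value matches, and only the base, protection and type fields are decoded. It also strips the "Download File" link text that HTML extraction glues onto the names, and lists the image-backed regions that were dumped writable and executable, which is the memory-level evidence behind the "changes PE section rights" unpacking signature in the report header.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Win32 page-protection values from winnt.h (standard constants).
PAGE_PROTECTION = {
    0x01: "PAGE_NOACCESS",
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}
WRITABLE_EXECUTABLE = {0x40, 0x80}

# MEMORY_BASIC_INFORMATION.Type values from winnt.h (standard constants).
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

# ASSUMED field layout of a Joe Sandbox .sdmp name (inferred from the report, not documented here):
#   <proc>.<stage>.<dump id>.<base address>.<protection>.<f6>.<region type>.<f8>.sdmp
# f6 and f8 are captured but not interpreted.
SDMP_NAME = re.compile(
    r"^(?P<proc>[0-9A-F]{8})\.(?P<stage>[0-9A-F]{8})\.(?P<dump_id>\d+)\."
    r"(?P<base>[0-9A-F]{16})\.(?P<protect>[0-9A-F]{8})\.(?P<f6>[0-9A-F]{8})\."
    r"(?P<mtype>[0-9A-F]{8})\.(?P<f8>[0-9A-F]{8})\.sdmp$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class DumpRegion:
    proc: int
    stage: int
    dump_id: int
    base: int
    protect: int
    mem_type: int

    @property
    def protect_name(self) -> str:
        return PAGE_PROTECTION.get(self.protect, f"0x{self.protect:X}")

    @property
    def type_name(self) -> str:
        return MEM_TYPE.get(self.mem_type, f"0x{self.mem_type:X}")

    @property
    def is_image(self) -> bool:
        return self.mem_type == 0x1000000

    @property
    def is_writable_executable(self) -> bool:
        return self.protect in WRITABLE_EXECUTABLE


def parse_sdmp_name(text: str) -> Optional[DumpRegion]:
    """Parse one report line. Tolerates the bullet, the 'Associated:' label and
    the 'Download File' link residue that extraction appends to the file name."""
    name = text.strip().lstrip("•").strip()
    if name.startswith("Associated:"):
        name = name[len("Associated:"):].strip()
    if name.endswith("Download File"):
        name = name[: -len("Download File")].strip()
    m = SDMP_NAME.match(name)
    if not m:
        return None
    return DumpRegion(
        proc=int(m["proc"], 16),
        stage=int(m["stage"], 16),
        dump_id=int(m["dump_id"]),
        base=int(m["base"], 16),
        protect=int(m["protect"], 16),
        mem_type=int(m["mtype"], 16),
    )


def rwx_image_regions(lines: Iterable[str]) -> List[DumpRegion]:
    """Image-backed (MEM_IMAGE) regions that were dumped with a writable and
    executable protection, sorted by base address."""
    found = []
    for line in lines:
        region = parse_sdmp_name(line)
        if region and region.is_image and region.is_writable_executable:
            found.append(region)
    return sorted(found, key=lambda r: r.base)


# Constructed sample: a few identifiers copied from the report's Associated list
# and the 04B60000 private-memory source, as the extracted lines appear.
SAMPLE_LINES = [
    "• Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmpDownload File",
    "• Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmpDownload File",
    "• Associated: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmpDownload File",
    "• Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmpDownload File",
    "00000000.00000002.2297142038.0000000004B60000.00000040.00000800.00020000.00000000.sdmp",
]

if __name__ == "__main__":
    for region in rwx_image_regions(SAMPLE_LINES):
        print(f"{region.base:#010x} {region.protect_name:24} {region.type_name}")
```

Run against the full Associated list of a report, the output is the set of PE-mapped pages that were writable and executable at dump time; a non-packed image normally has its code under PAGE_EXECUTE_READ only, so every hit is a candidate for a section whose rights were changed at runtime. The 04B60000 dump is excluded on purpose: it is MEM_PRIVATE, i.e. heap or VirtualAlloc memory rather than a modified PE section.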
          APIs
          • ImpersonateLoggedOnUser.KERNELBASE ref: 04B61367
          Memory Dump Source
          • Source File: 00000000.00000002.2297142038.0000000004B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
          Similarity
          • API ID: ImpersonateLoggedUser
          • String ID:
          • API String ID: 2216092060-0
          • Opcode ID: b39f8cc3f549a1a4cb6dd82081ac4d78e22676c9e88e808e3192da58f61b1838
          • Instruction ID: afaa1516354767d2d18f9d58535aa7a26b66cfacfa92fff0decb6a9d8d68e556
          • Opcode Fuzzy Hash: b39f8cc3f549a1a4cb6dd82081ac4d78e22676c9e88e808e3192da58f61b1838
          • Instruction Fuzzy Hash: 221140B1800249CFDB10CF9AC484BEEFBF4EF48320F20846AD518A7240C738A984CBA5
          APIs
          • ImpersonateLoggedOnUser.KERNELBASE ref: 04B61367
          Memory Dump Source
          • Source File: 00000000.00000002.2297142038.0000000004B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_4b60000_file.jbxd
          Similarity
          • API ID: ImpersonateLoggedUser
          • String ID:
          • API String ID: 2216092060-0
          • Opcode ID: 0e5c0cf015b314bfa8751af333c127d428620833cc63cda0a21a847d75756cbf
          • Instruction ID: 59206a119f132c8f8cbbd5c5569b795dae9c86037b8b4351042f0825c2bd8fd0
          • Opcode Fuzzy Hash: 0e5c0cf015b314bfa8751af333c127d428620833cc63cda0a21a847d75756cbf
          • Instruction Fuzzy Hash: 471122B1800249CFDB10CF9AC545BEEFBF8EB48720F20846AD559A3240D778A944CBA5
          APIs
            • Part of subcall function 0071EFB4: GetCurrentThreadId.KERNEL32 ref: 0071EFC3
            • Part of subcall function 0071EFB4: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 0071F006
          • ReadFile.KERNELBASE(?,00000000,?,00000400,?,-11D85FEC,?,?,00721636,?,?,00000400,?,00000000,?,00000000), ref: 00723973
          Memory Dump Source
          • Source File: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: CurrentFileReadSleepThread
          • String ID:
          • API String ID: 1253362762-0
          • Opcode ID: 3877cb0403bb68d647fb2816897086e7133bb8d8a1816c80f7dbdfbf0b736da8
          • Instruction ID: b45ca00026893bb61bc22b499372931df81e562d54422dcc2cd6451660ee3e9c
          • Opcode Fuzzy Hash: 3877cb0403bb68d647fb2816897086e7133bb8d8a1816c80f7dbdfbf0b736da8
          • Instruction Fuzzy Hash: FDF0193220014AEADF125F98E809EDE3B66BF99345F004025FA55590A2C77ED6E2EB61
          APIs
          • CreateFileA.KERNELBASE(00000000), ref: 006D1FF0
          Memory Dump Source
          • Source File: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: CreateFile
          • String ID:
          • API String ID: 823142352-0
          • Opcode ID: 6fa1e31bbd2662d078c6a3044c5aee738f65fe7cc7ce9ee27d6aebba63817375
          • Instruction ID: 14561c0d867af78c9ab88ed6f32bd8bebdae0c623fb469c5e6941e12409446e2
          • Opcode Fuzzy Hash: 6fa1e31bbd2662d078c6a3044c5aee738f65fe7cc7ce9ee27d6aebba63817375
          • Instruction Fuzzy Hash: CFF0A0B694C12A7DE3129B016DA0EFE6B2DD683374B34042BF805D7183DA440D199274
          APIs
          • CreateFileA.KERNELBASE(-006A5F13,006D227B,00000003), ref: 006D2341
          Memory Dump Source
          • Source File: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: CreateFile
          • String ID:
          • API String ID: 823142352-0
          • Opcode ID: 84a03af2ad877acda92e8c2a03cb3e7f44b359ea04b49ed00256709c40ed9115
          • Instruction ID: add314e3ab669625a73a14f5c784eb9b544382ab0bde59370858fa8cd9f1ba09
          • Opcode Fuzzy Hash: 84a03af2ad877acda92e8c2a03cb3e7f44b359ea04b49ed00256709c40ed9115
          • Instruction Fuzzy Hash: 7DE068BB68820A1F9700DEB95CA05FE3369F8B0370736042BEC91C3649D3280A8B4336
          APIs
          • GetProcAddress.KERNEL32(007200A0,007200A0), ref: 00720935
          Memory Dump Source
          • Source File: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: AddressProc
          • String ID:
          • API String ID: 190572456-0
          • Opcode ID: b5d586d3f8410a2e8e297b69c3831c7eabc99ca2b5913ad4aaf6f1c35ee7af30
          • Instruction ID: 9042f72350062b6901e2941e8e1e819e9c8abe61980c611a441e7abcbca14c70
          • Opcode Fuzzy Hash: b5d586d3f8410a2e8e297b69c3831c7eabc99ca2b5913ad4aaf6f1c35ee7af30
          • Instruction Fuzzy Hash: 24E0ED35104025FA9F113F74ED0E99E2A29BF54394B108025FD4B540A7DB7DD5D2DAF1
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: CreateFile
          • String ID:
          • API String ID: 823142352-0
          • Opcode ID: 41cfb50c1f465fee41c80a68ee19eef4154926adf1932fe6f630f2d2f03cd3f4
          • Instruction ID: d22d2c90235debbb24d19ed9353a64a23978eae73a2d82969f1772a83502fd86
          • Opcode Fuzzy Hash: 41cfb50c1f465fee41c80a68ee19eef4154926adf1932fe6f630f2d2f03cd3f4
          • Instruction Fuzzy Hash: 10C02B56448A5128D12092F40C3633C4111CFE2313F30C8CD9714BE3D2884348078515
          APIs
          • CreateFileA.KERNELBASE(00000000), ref: 006D1FF0
          Memory Dump Source
          • Source File: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: CreateFile
          • String ID:
          • API String ID: 823142352-0
          • Opcode ID: 581fae23b3f2eb5cc239310f19f3148301bf15ff51280d18999ed3cbd4096bbd
          • Instruction ID: e99907f411537415d39f92115593879bac2078c275e25e44fe86504f463d2036
          • Opcode Fuzzy Hash: 581fae23b3f2eb5cc239310f19f3148301bf15ff51280d18999ed3cbd4096bbd
          • Instruction Fuzzy Hash: D8D02271C002AEAACB538F20C8B1BEC3B19CF97210F1804499C05E7383C9680C108328
          APIs
          • VirtualAlloc.KERNELBASE(00000000), ref: 0054F1D1
          Memory Dump Source
          • Source File: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: AllocVirtual
          • String ID:
          • API String ID: 4275171209-0
          • Opcode ID: 4655b3227c512e0e47a4a0118c010bb7a13d57cb76d69b5e3cad6052e4c5fc48
          • Instruction ID: cd6624fd78b886bcd8288ff6d67dbb428dc46f53007edd1150e1597ee5da98ab
          • Opcode Fuzzy Hash: 4655b3227c512e0e47a4a0118c010bb7a13d57cb76d69b5e3cad6052e4c5fc48
          • Instruction Fuzzy Hash: AC41E0B390C210AFE704AF2CD8156AABBE8EB50324F264C3EE9C5D7640E6359C408797
          APIs
          • VirtualAlloc.KERNELBASE(00000000), ref: 0054F1D1
          Memory Dump Source
          • Source File: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: AllocVirtual
          • String ID:
          • API String ID: 4275171209-0
          • Opcode ID: e9bf86b8dc1457910a1198a6c4aa96e450a79a040b5ce9f5cf88852f8ed802f5
          • Instruction ID: 8db0fd917a3a672543fdba7594bdf8e816a55b25c441d367a15c8575002f06d8
          • Opcode Fuzzy Hash: e9bf86b8dc1457910a1198a6c4aa96e450a79a040b5ce9f5cf88852f8ed802f5
          • Instruction Fuzzy Hash: AD41D5F790C2109FE7046A2CDC156BABBE9EB44324F250D3EE985D3740E5769C408797
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: lstrcmpi
          • String ID:
          • API String ID: 1586166983-0
          • Opcode ID: 05d2449d3011dd067dc6163e2a34e4a1a501c78a641071a3700880bc0d18b21f
          • Instruction ID: 98a529009c78b1a769e4e0ee06f14730bae3d82c50b4c8eeadfb608cf26142e7
          • Opcode Fuzzy Hash: 05d2449d3011dd067dc6163e2a34e4a1a501c78a641071a3700880bc0d18b21f
          • Instruction Fuzzy Hash: 9A01D236A0010EFECF119FA8CC08DDEBB76FF45350F0051B1E501A41A0D7368AA2EB60
          APIs
            • Part of subcall function 0071EFB4: GetCurrentThreadId.KERNEL32 ref: 0071EFC3
            • Part of subcall function 0071EFB4: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 0071F006
          • CloseHandle.KERNELBASE(007216CB,-11D85FEC,?,?,007216CB,?), ref: 00721D46
          Memory Dump Source
          • Source File: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: CloseCurrentHandleSleepThread
          • String ID:
          • API String ID: 4003616898-0
          • Opcode ID: 17b544e1c8c58996fec9e92b7f41ddc1c8ef37dff2c352fa4c88405c9856e4ec
          • Instruction ID: 82fef4ee70ee8aac38abf84baefc86a02c8eef6f0fdb6afd10e37c821eecb836
          • Opcode Fuzzy Hash: 17b544e1c8c58996fec9e92b7f41ddc1c8ef37dff2c352fa4c88405c9856e4ec
          • Instruction Fuzzy Hash: 3CE04F72300142FADF20ABBCE80DD8E2A68AFA43857404136F802890E7DA7DD1D6D661
          APIs
          • CloseHandle.KERNELBASE(?,?,0071EE53,?,?), ref: 00720DD3
          Memory Dump Source
          • Source File: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: CloseHandle
          • String ID:
          • API String ID: 2962429428-0
          • Opcode ID: 68d6c93d42f27f9fc6c8106641f6487c564db7735170fd96275324f76f807f90
          • Instruction ID: 9c618cfccb5ec4c5cb9cb2386a993e2c184b076d00a8ba1552d4c1628531d19b
          • Opcode Fuzzy Hash: 68d6c93d42f27f9fc6c8106641f6487c564db7735170fd96275324f76f807f90
          • Instruction Fuzzy Hash: 67B09232100108BBCB11BFA1EC0AC8EBF69FF153D9B108120B9064C432DB76E9609BE0
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID:
          • String ID: 2F\$TVo$b
          • API String ID: 0-3676628122
          • Opcode ID: 3b906e6bbf17a46e6d79b0c7ef321ed881fcbabec0393c8ff6623730355860a8
          • Instruction ID: b3cc960c7fabd1115fc6a4ac89d3b7c012c78088c510e4c1caa0ec2bad7971e4
          • Opcode Fuzzy Hash: 3b906e6bbf17a46e6d79b0c7ef321ed881fcbabec0393c8ff6623730355860a8
          • Instruction Fuzzy Hash: B4C124B284D3C09FD7139B7898A56A5BFE2AE52310B0E86DFC4C08B653D7259449C793
          APIs
            • Part of subcall function 0071EFB4: GetCurrentThreadId.KERNEL32 ref: 0071EFC3
            • Part of subcall function 0071EFB4: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 0071F006
          • GetSystemTime.KERNEL32(?,-11D85FEC), ref: 00723136
          • GetFileTime.KERNEL32(?,?,?,?,-11D85FEC), ref: 00723179
          Memory Dump Source
          • Source File: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: Time$CurrentFileSleepSystemThread
          • String ID:
          • API String ID: 3818558864-0
          • Opcode ID: f714892533cc6719b7799cced05cfa76f4b200807682afbdd43f1f491f2ab0a7
          • Instruction ID: 0dc2cc9a4f44aecc185f0e0a375a65bd861473bfc0f4b0008a7782681f48b1c1
          • Opcode Fuzzy Hash: f714892533cc6719b7799cced05cfa76f4b200807682afbdd43f1f491f2ab0a7
          • Instruction Fuzzy Hash: DC01D63220048AFBDF215F59EC0CD9E7B76EF95761B004126F901495A2C77ACAA1DA61
          APIs
          • CryptVerifySignatureA.ADVAPI32(?,?,?,?,?,?), ref: 00724006
          Memory Dump Source
          • Source File: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: CryptSignatureVerify
          • String ID:
          • API String ID: 1015439381-0
          • Opcode ID: 87c93baf5c8326cc78d53c93dd9698605aa96cd91e7b7429c6923f717a516520
          • Instruction ID: bbf51252951eecbdf27a926092884f85fce4842dc399a0696eeb3a806e7d4689
          • Opcode Fuzzy Hash: 87c93baf5c8326cc78d53c93dd9698605aa96cd91e7b7429c6923f717a516520
          • Instruction Fuzzy Hash: 16F01C3660010AFFCF11CF94EA4598C7BB1FF09345B10C125F90696151D37ADAA1EF40
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID:
          • String ID: NTDL
          • API String ID: 0-3662016964
          • Opcode ID: 6e84c4e73434d92c82f0597552281ffbdd9e85428632a1e9a64fce23866f4d3b
          • Instruction ID: 0a52a8784f0ad3589b51bd1c3982ab3e71dc667187472e4f005d7261a66711eb
          • Opcode Fuzzy Hash: 6e84c4e73434d92c82f0597552281ffbdd9e85428632a1e9a64fce23866f4d3b
          • Instruction Fuzzy Hash: 2E71077290410ECFDB15CE64C5402EF7FF1FB56328F24091AE8428BA46D7B25D25EB69
          Memory Dump Source
          • Source File: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5a19e6c9108b6ea3f86861b526bd08aa2d9b2f3bb11fb02086d21d9da444974a
          • Instruction ID: 84cdd713d8b0d613f0466b4e2cf97cfcefd9cb8d2cc2726f1f63041bff114ee0
          • Opcode Fuzzy Hash: 5a19e6c9108b6ea3f86861b526bd08aa2d9b2f3bb11fb02086d21d9da444974a
          • Instruction Fuzzy Hash: F5D1F3A284D3C19FC7238B344CB99E57FA1AE2321470E86CFC4C08F5A3D719954AC762
          Memory Dump Source
          • Source File: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 572f8125bae2bd018224a36a0e169bf2a782723508edf8cc2a8fae8cdc19162f
          • Instruction ID: 9add13bb21b910b960124a367bc64393ac55eae389b48ee12abc3f6878784133
          • Opcode Fuzzy Hash: 572f8125bae2bd018224a36a0e169bf2a782723508edf8cc2a8fae8cdc19162f
          • Instruction Fuzzy Hash: 5971F6F3908220AFE314BE1DDC45A6ABBE9EF94320F16492DEBC893740E631591087D7
          Memory Dump Source
          • Source File: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 12bf267fd932765a60157ce57c53ab714e3e0ea94f93a64fd70d0722fcd341bf
          • Instruction ID: 71e16970f1143f68cdd90f7c99eb4540c1c85a398d33eab2b5d669d39c8cc65e
          • Opcode Fuzzy Hash: 12bf267fd932765a60157ce57c53ab714e3e0ea94f93a64fd70d0722fcd341bf
          • Instruction Fuzzy Hash: 336106B3908220AFE3157E1DDC45AAABBE9EF94360F16453DEBC893740E631590087D7
          Memory Dump Source
          • Source File: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0f08b222e9c026a501c0d622b4f1641b6874fe6e332ab6bd322b7bb6fd211583
          • Instruction ID: afc2ff2a14305338435efea0b51572b0c883bc68854dbc58beb7f619efae8d9d
          • Opcode Fuzzy Hash: 0f08b222e9c026a501c0d622b4f1641b6874fe6e332ab6bd322b7bb6fd211583
          • Instruction Fuzzy Hash: CB4170B350C600AFE705AF19E941ABAFBF9FB95720F26482EE1C5C3600D77548448B63
          Memory Dump Source
          • Source File: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 228b1f3b9a0815fc0878ce5ed24a491eca6770871034e7bc55dfbc2dada5bec2
          • Instruction ID: c76567cfa1999ffc3c45a90918bcd05415d3f5ffa04df8a9d2b991568379cb27
          • Opcode Fuzzy Hash: 228b1f3b9a0815fc0878ce5ed24a491eca6770871034e7bc55dfbc2dada5bec2
          • Instruction Fuzzy Hash: 9B4179F350C70C9FD60C7928DC8527AB7D9ABD6720F3A432EE68392744F96D5600E282
          Memory Dump Source
          • Source File: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9ece3ae5413b448294417e910b28e5844d475584474a4fa8d8b55fd32085b83d
          • Instruction ID: 787cc0b5ddfa04346716c43bc78980ba1b5a5bc2d479445b1be1a412c656c4ac
          • Opcode Fuzzy Hash: 9ece3ae5413b448294417e910b28e5844d475584474a4fa8d8b55fd32085b83d
          • Instruction Fuzzy Hash: E4416BF3C0D354DFD218295ACC5473AB6D6EF14700F26062E9ADA93780FE76880292C7
          Memory Dump Source
          • Source File: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dca5c23af977fc21554ca642f69e9c27f81fb10d3ed8951c944a51b0c818aa2e
          • Instruction ID: 293bd8bb6b2f6178ef1431ed6608c9257fe5b86c102e6282adfd4380f1e8992b
          • Opcode Fuzzy Hash: dca5c23af977fc21554ca642f69e9c27f81fb10d3ed8951c944a51b0c818aa2e
          • Instruction Fuzzy Hash: AA314CB250C210AFE705AF29D885A7EFBE9FF98710F12482DEAC5D3610D23158508B63
          Memory Dump Source
          • Source File: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d2bfada09535aa921d1c238a0196e0e3e6180ed1ac43abe9a6fea8682552854d
          • Instruction ID: 3cd5f9cd572f708d679a570e9bc3e0bdb7a914f5d8e16cfc4ef7a5adb50279b7
          • Opcode Fuzzy Hash: d2bfada09535aa921d1c238a0196e0e3e6180ed1ac43abe9a6fea8682552854d
          • Instruction Fuzzy Hash: 602180B390C2149BE715AE1ADC81AAAFBE6EFD8261F16492DD6C853750DA315800CA92
          APIs
            • Part of subcall function 0071EFB4: GetCurrentThreadId.KERNEL32 ref: 0071EFC3
            • Part of subcall function 0071EFB4: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 0071F006
            • Part of subcall function 007236B5: IsBadWritePtr.KERNEL32(?,00000004), ref: 007236C3
          • wsprintfA.USER32 ref: 0072267D
          • LoadImageA.USER32(?,?,?,?,?,?), ref: 00722741
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: CurrentImageLoadSleepThreadWritewsprintf
          • String ID: %8x$%8x
          • API String ID: 2375920415-2046107164
          • Opcode ID: 96c839df3861b3ba937311326ecabe7824afde8dbf25746c485134aad7d921ba
          • Instruction ID: e547efde09f49632e39fd70a20c328742e8595ed636abeceee483411637588b5
          • Opcode Fuzzy Hash: 96c839df3861b3ba937311326ecabe7824afde8dbf25746c485134aad7d921ba
          • Instruction Fuzzy Hash: D031277290010AFBDF119F94ED09EEEBB79FF48700F108125FA11A61A1D7759A62DB50
          APIs
          • GetFileAttributesExW.KERNEL32(00C9125C,00004020,00000000,-11D85FEC), ref: 007232F5
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2294619176.000000000071C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00540000, based on PE: true
          • Associated: 00000000.00000002.2294058640.0000000000540000.00000004.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294128291.000000000054A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294153809.0000000000554000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294180250.0000000000555000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294204364.0000000000556000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294353086.00000000006BB000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294378378.00000000006BD000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006CC000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294452626.00000000006E0000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294475140.00000000006E2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294509834.00000000006EE000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294528638.00000000006F0000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294546812.00000000006F3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294567855.00000000006F4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294590049.0000000000711000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294640752.0000000000725000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294683340.0000000000727000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294708020.000000000072A000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294744237.0000000000741000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294768242.0000000000744000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294793269.000000000074C000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294830407.0000000000752000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294857120.0000000000753000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294881732.0000000000758000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294938192.0000000000762000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294962900.0000000000765000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2294984715.0000000000766000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295007311.0000000000768000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295034966.0000000000770000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295053808.0000000000777000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295073524.0000000000778000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295092226.000000000077C000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295114160.0000000000784000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295134078.0000000000787000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295158300.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295173392.00000000007A2000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295188354.00000000007A3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295203821.00000000007A4000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E3000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295235102.00000000007E8000.00000080.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295274440.00000000007F8000.00000040.00000001.01000000.00000003.sdmp
          • Associated: 00000000.00000002.2295292265.00000000007FA000.00000080.00000001.01000000.00000003.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_540000_file.jbxd
          Similarity
          • API ID: AttributesFile
          • String ID: @
          • API String ID: 3188754299-2726393805
          • Opcode ID: 4f7a6e08ba983b5e25087bb31d0facd0f57c0233dab49847dc02b938de4eb304
          • Instruction ID: 0f325884ff7db67e166171e8e43691ab4a008436aca19352a32b73338b5b6351
          • Opcode Fuzzy Hash: 4f7a6e08ba983b5e25087bb31d0facd0f57c0233dab49847dc02b938de4eb304
          • Instruction Fuzzy Hash: 6F31A075500715EFDB25CF48E848B9EBBB0FF04300F108529E856672A1C379A7A4DB90